Filtered by vendor Rickknowles
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-56122 | 1 Rickknowles | 1 Winstone Servlet Container | 2026-06-26 | 7.5 High |
| Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traverse outside the webroot directory using traversal-prefixed paths in a single HTTP request to read any file accessible to the servlet engine process, including sensitive system files when the service runs with elevated privileges. | ||||
Page 1 of 1.