CVE-2026-46747
MEDIUMDescription
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended file system locations.
Is your site exposed to CVE-2026-46747?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| siemens | sinec_ins |
| siemens | sinec_ins |
| siemens | sinec_ins |
| siemens | sinec_ins |
| siemens | sinec_ins |
| siemens | sinec_ins |
| siemens | sinec_ins |
| siemens | sinec_ins |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-46747? +
How severe is CVE-2026-46747? +
What products are affected by CVE-2026-46747? +
How do I check if I'm vulnerable to CVE-2026-46747? +
Related Vulnerabilities
Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to …
django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative …
RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability …
Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with …
Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java …
Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute …