Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by FalkorDB
CVE-2026-6057 (GCVE-0-2026-6057)
Vulnerability from cvelistv5 – Published: 2026-04-10 09:16 – Updated: 2026-04-10 20:25
VLAI
Title
Unauthenticated Path Traversal in FalkorDB Browser Leads to Remote Code Execution
Summary
FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Path Traversal
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FalkorDB | FalkorDB Browser |
Affected:
1.9.3
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-6057",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T20:24:59.231118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T20:25:53.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"64 bit",
"Windows"
],
"product": "FalkorDB Browser",
"vendor": "FalkorDB",
"versions": [
{
"status": "affected",
"version": "1.9.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ramesh Gunnam from Securin"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.\u003c/p\u003e"
}
],
"value": "FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T09:16:30.338Z",
"orgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"shortName": "securin"
},
"references": [
{
"url": "https://github.com/FalkorDB/falkordb-browser"
},
{
"url": "https://github.com/FalkorDB/falkordb-browser/pull/1611"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Path Traversal in FalkorDB Browser Leads to Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"assignerShortName": "securin",
"cveId": "CVE-2026-6057",
"datePublished": "2026-04-10T09:16:30.338Z",
"dateReserved": "2026-04-10T00:33:01.535Z",
"dateUpdated": "2026-04-10T20:25:53.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}