How severe is CVE-2020-26299?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.6 out of 10.

What type of vulnerability is CVE-2020-26299?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2020-26299

CRITICAL Year: 2020

CVSS v3 Score

9.6

Critical

CVSS v2 Score

5.5

Medium

Weakness Type

CWE-22

View all →

Vulnerability Description

ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined root folder using the expected FTP commands, for example, CWD and UPDR. When windows separators exist within the path (`\`), `path.resolve` leaves the upper pointers intact and allows the user to move beyond the root folder defined for that user. We did not take that into account when creating the path resolve function. The issue is patched in version 4.4.0 (commit 457b859450a37cba10ff3c431eb4aa67771122e3).

CVE-2019-16064

CRITICAL

CVSS:9.6(Critical)

NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By explo...

CWE-222019

CVE-2020-15182

CRITICAL

CVSS:9.6(Critical)

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allow...

CWE-222020

CVE-2023-27269

CRITICAL

CVSS:9.6(Critical)

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations t...

CWE-222023

CVE-2023-27501

CRITICAL

CVSS:9.6(Critical)

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information p...

CWE-222023

CVE-2023-42657

CRITICAL

CVSS:9.6(Critical)

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir,...

CWE-222023

CVE-2023-47222

CRITICAL

CVSS:9.6(Critical)

An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a ...

CWE-222023

CVE-2020-26299

Vulnerability Description

Related Vulnerabilities

CVE-2019-16064

CVE-2020-15182

CVE-2023-27269

CVE-2023-27501

CVE-2023-42657

CVE-2023-47222