Plattform
other
Komponente
crafty-controller
Behoben in
4.8.0
CVE-2026-0805 identifies a Path Traversal vulnerability within the Backup Configuration component of Crafty Controller. This flaw allows a remote, authenticated attacker to potentially tamper with files and even achieve remote code execution. The vulnerability impacts versions 4.5.0 through 4.8.0 of Crafty Controller, and a fix is available in version 4.8.0.
The impact of CVE-2026-0805 is significant due to the potential for both file tampering and remote code execution. An attacker exploiting this vulnerability could overwrite critical configuration files, leading to denial of service or system instability. More concerningly, successful exploitation could allow the attacker to execute arbitrary commands on the server, granting them complete control over the system. This could result in data breaches, malware installation, or further compromise of the network. The ability to traverse the file system makes this vulnerability particularly dangerous, as it bypasses typical access controls.
CVE-2026-0805 was publicly disclosed on 2026-01-30. There is currently no indication of active exploitation in the wild, and no public proof-of-concept (POC) code has been released. The vulnerability has not been added to the CISA KEV catalog at the time of writing. The severity is considered HIGH due to the potential for remote code execution.
Organizations utilizing Crafty Controller versions 4.5.0 through 4.8.0, particularly those with remote access enabled or lacking robust authentication controls, are at risk. Shared hosting environments where multiple users share the same Crafty Controller instance are also particularly vulnerable.
disclosure
Exploit-Status
EPSS
0.05% (14% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2026-0805 is to upgrade Crafty Controller to version 4.8.0 or later, which contains the fix. If an immediate upgrade is not possible, consider implementing stricter access controls to the Backup Configuration component to limit the attacker's ability to traverse the file system. Review and restrict file permissions to prevent unauthorized modifications. Monitor system logs for suspicious activity, particularly attempts to access or modify files outside of expected directories. While a WAF might offer some protection, it's unlikely to fully mitigate the vulnerability without careful configuration and rule creation.
Actualice Crafty Controller a la versión 4.8.0 o superior. Esta versión contiene la corrección para la vulnerabilidad de path traversal. La actualización mitigará el riesgo de manipulación de archivos y ejecución remota de código.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-0805 is a Path Traversal vulnerability in Crafty Controller versions 4.5.0–4.8.0, allowing attackers to access files outside the intended directory and potentially execute code.
If you are using Crafty Controller versions 4.5.0 through 4.8.0, you are potentially affected by this vulnerability. Upgrade to version 4.8.0 to mitigate the risk.
The recommended fix is to upgrade Crafty Controller to version 4.8.0 or later. If immediate upgrade isn't possible, implement temporary workarounds like restricting access and input validation.
Currently, there are no publicly known active exploitation campaigns for CVE-2026-0805, but it's crucial to apply the patch promptly.
Refer to the official Crafty Controller security advisory for detailed information and updates regarding CVE-2026-0805.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.