Platform: nodejs
Component: saltcorn
Fixed in: 1.4.6, 1.5.1, 1.6.1
CVE-2026-40163 describes a path traversal vulnerability in Saltcorn, an open-source no-code database application builder. The flaw lets unauthenticated attackers write files to the server's filesystem and list directory contents, which can lead to unauthorized access and code execution. Versions 1.4.0 through 1.6.0-beta.3 are affected. The advisory text states that a fix is available in version 1.4.5 and later, while the "Fixed in" list at the top of this page names 1.4.6, 1.5.1 and 1.6.1; confirm the patched release for your branch against the upstream Saltcorn advisory before upgrading.
The impact is significant because the flaw is reachable without authentication and allows arbitrary file writes. An attacker could use it to gain persistent access by planting configuration files or backdoors and, where the server environment allows, to execute arbitrary code. The ability to list directory contents compounds the risk, letting an attacker locate sensitive files and plan further escalation. Successful exploitation could lead to full server compromise and data exfiltration.
This vulnerability was publicly disclosed on 2026-04-10. There are currently no known public exploits or active campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog at the time of writing. The ease of exploitation, combined with the unauthenticated nature of the vulnerability, suggests a potential for future exploitation if left unpatched.
Organizations utilizing Saltcorn for internal application development or data management are at risk. Shared hosting environments where multiple Saltcorn instances reside on the same server are particularly vulnerable, as a compromise of one instance could potentially impact others. Legacy Saltcorn deployments using older versions are also at increased risk.
• nodejs: Monitor Saltcorn logs for unusual file creation events, particularly in unexpected directories. Use lsof or fuser to identify which processes have files under the Saltcorn data directory open:
lsof | grep /path/to/saltcorn/data
• generic web: Monitor access logs for requests to /sync/offline_changes and /sync/upload_finished originating from unexpected IP addresses. Use grep -E, because | is a literal character in grep's default basic regular expressions and the alternation below would otherwise never match:
grep -E '/sync/offline_changes|/sync/upload_finished' /var/log/apache2/access.log
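The grep above only tells you that the sync endpoints were hit. The following Node.js script is an added example, not code from this page or from the Saltcorn project: it parses combined-format access log lines, keeps only requests to the two sync routes, URL-decodes the request target (including double-encoded forms) and flags any request that either carries a traversal sequence or comes from an address outside an allow-list. The log lines, the trusted address 10.0.0.5 and the assumption that the relevant parameter travels in the URL are all constructed for the example.

```javascript
// Added example (not Saltcorn code): scan Apache/nginx combined-format access
// log lines for requests to the Saltcorn sync endpoints and flag the ones that
// carry a path traversal sequence or come from an untrusted client address.
const SYNC_ENDPOINTS = ['/sync/offline_changes', '/sync/upload_finished'];

// ip ident user [timestamp] "METHOD target PROTO" status size
const LOG_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+/;

// Decode repeatedly (up to three rounds) so double-encoded payloads such as
// %252e%252e are caught as well; stop as soon as decoding no longer changes
// the string or the input is not valid percent-encoding.
function decodeLoose(s) {
  let prev = null;
  let cur = s;
  for (let i = 0; i < 3 && cur !== prev; i++) {
    prev = cur;
    try { cur = decodeURIComponent(cur); } catch (_) { break; }
  }
  // Treat backslashes as separators too, so "..\" variants are not missed.
  return cur.replace(/\\/g, '/');
}

function parseLine(line) {
  const m = LOG_RE.exec(line);
  if (!m) return null;
  const [, ip, ts, method, target, status] = m;
  const decoded = decodeLoose(target);
  return { ip, ts, method, target, status: Number(status), decoded, pathOnly: decoded.split('?')[0] };
}

// Returns the subset of lines that hit a sync endpoint and are either from an
// address not in trustedIps or contain a ".." segment after decoding.
function findSuspicious(lines, trustedIps = new Set()) {
  const hits = [];
  for (const line of lines) {
    const r = parseLine(line);
    if (!r) continue;
    if (!SYNC_ENDPOINTS.some((ep) => r.pathOnly.startsWith(ep))) continue;
    const traversal = /\.\.(\/|$)/.test(r.decoded) || r.decoded.includes('\0');
    const untrusted = !trustedIps.has(r.ip);
    if (traversal || untrusted) hits.push({ ...r, traversal, untrusted });
  }
  return hits;
}

// Constructed sample log lines (not real traffic); 10.0.0.5 plays the trusted
// mobile-sync client, 203.0.113.7 an unknown external address.
const SAMPLE_LOG = [
  '203.0.113.7 - - [10/Apr/2026:10:01:02 +0000] "POST /sync/offline_changes HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '10.0.0.5 - - [10/Apr/2026:10:01:03 +0000] "GET /sync/upload_finished?name=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 88 "-" "curl/8.0"',
  '10.0.0.5 - - [10/Apr/2026:10:01:04 +0000] "POST /sync/upload_finished HTTP/1.1" 200 12 "-" "okhttp/4.9"',
  '10.0.0.5 - - [10/Apr/2026:10:01:05 +0000] "GET /view/home HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
];

for (const h of findSuspicious(SAMPLE_LOG, new Set(['10.0.0.5']))) {
  console.log(`${h.ts} ${h.ip} ${h.method} ${h.target} traversal=${h.traversal} untrusted=${h.untrusted}`);
}
```

With the sample input the first line is flagged because of its source address and the second because the decoded query string contains `../`; the third is a normal sync call from the trusted client and the fourth never touches a sync route. In practice feed the script the real log (one line per array element) and populate the allow-list from the addresses your sync clients actually use.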
EPSS: 0.10% (28th percentile)
The primary mitigation is to upgrade Saltcorn to a patched release for your branch (the advisory text names 1.4.5, 1.5.5 and 1.6.0-beta.4; the "Fixed in" list at the top of this page names 1.4.6, 1.5.1 and 1.6.1; check the upstream advisory for the exact release). If an immediate upgrade is not possible, reduce the blast radius by running Saltcorn under a dedicated account that has write access only to the directories it needs, and place a web application firewall in front of it with rules that block traversal sequences in requests to the sync endpoints. Such rules must cover URL-encoded and double-encoded forms (%2e%2e, %2e%2e%2f, %252e%252e), not only the literal ../ sequence. Monitor Saltcorn logs for suspicious file creation or access patterns. After upgrading, confirm the fix on a test instance by sending a traversal payload to /sync/offline_changes and /sync/upload_finished and verifying that the request is rejected and that no file is created outside the application's data directory.
Upgrading to 1.4.5, 1.5.5 or 1.6.0-beta.4 mitigates the unauthenticated directory traversal: these versions add proper access controls to the /sync/offline_changes and /sync/upload_finished routes, preventing arbitrary file writes and directory reads.
CVE-2026-40163 is a Path Traversal vulnerability affecting Saltcorn versions 1.4.0 through 1.6.0-beta.3, allowing unauthenticated attackers to write files to the server's filesystem.
You are affected if you are running Saltcorn versions 1.4.0 through 1.6.0-beta.3. Upgrade to 1.4.5 or later to mitigate the risk.
Upgrade Saltcorn to version 1.4.5 or later. If immediate upgrade is not possible, implement file system access controls and consider WAF rules.
While no public exploits are currently known, the ease of exploitation makes it a potential target and warrants immediate attention.
Refer to the Saltcorn security advisory for detailed information and updates: [https://saltcorn.com/security/advisories](https://saltcorn.com/security/advisories)