MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2026-25228

🟡 MEDIUM

Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Wind...

Published
Feb 02, 2026
Last Modified
Feb 02, 2026
Views
6
Bookmarks
0

Description

Request Expert Review

Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files and directories on the filesystem. The validateAppId() function blocks forward slashes (/) but not backslashes (\), which are treated as directory separators by path.join() on Windows. This enables attackers to escape the intended applicationData directory. This vulnerability is fixed in 2.20.3.

CVSS Scores

CVSS 3.1 5.0
5.0
MEDIUM
CVSS 2.0 5.0

References

github.com github.com

Additional Information

Source
security-advisories@github.com
State
Received

Related CVEs

CVE-2026-0909

MEDIUM

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the...

Score: 5.3

CVE-2026-25144

MEDIUM

Talishar is a fan-made Flesh and Blood project. A Stored XSS exists in the chat in-game system. The playerID parameter in SubmitChat.php and is saved...

Score: 5.3

CVE-2026-25142

CRITICAL

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict __lookupGetter__ which can be used to obtain protot...

Score: 10.0

CVE-2026-25137

CRITICAL

The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the d...

Score: 9.1

CVE-2026-25060

HIGH

OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communicatio...

Score: 8.1

CVE-2026-25059

HIGH

OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation ha...

Score: 8.8

Share CVE-2026-25228

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2026-25228 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis