In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
Loading...
Loading...
Score elevated to 9.8 because EPSS predicts 93% probability of exploitation within the next 30 days (top 0.2% of all CVEs). NVD baseline CVSS 9.8 retained for reference. Confidence: see factors.
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
August 17, 2023
November 21, 2024
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Working exploit code is in the public domain (1 Metasploit module) (1 GitHub PoC). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
CVE-2023-26469 REC PoC
Open source ↗Jorani unauthenticated Remote Code Execution
Open source ↗Jorani 1.0.0 - Remote Code Execution
Open source ↗Explore the affected products and dependency analysis for CVE-2023-26469
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.