CVE-2026-25228 – SignalK Server has Path Traversal leading to information disclosure

CVE ID : CVE-2026-25228

Published : Feb. 2, 2026, 11:02 p.m. | 13 minutes ago

Description : Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server’s applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files and directories on the filesystem. The validateAppId() function blocks forward slashes (/) but not backslashes (), which are treated as directory separators by path.join() on Windows. This enables attackers to escape the intended applicationData directory. This vulnerability is fixed in 2.20.3.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2026-25228 – SignalK Server has Path Traversal leading to information disclosure

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2025-61642 – Stored XSS through system messages provided to CodexHtmlForms

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2025-15556 – Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification

CVE-2025-12773 – Plain password is generated in the audit logs while executing update-reports-purge-settings.sh script with Brocade SANnav before 2.4.0a

CVE-2025-11173 – Reauth for enabling 2FA can be bypassed by submitting a form

CVE-2025-11261 – Stored i18n XSS exposed by security patch for T402077