CVE-2026-0963 – Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) in Crafty Controller

CVE ID : CVE-2026-0963

Published : Jan. 30, 2026, 6:04 a.m. | 1 hour, 6 minutes ago

Description : An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.

Severity: 9.9 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…