CVE-2026-53777 – Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket

CVE ID :CVE-2026-53777

Published : June 11, 2026, 4:16 p.m. | 1 hour, 3 minutes ago

Description :Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact_name field of ArtifactReady WebSocket messages. Attackers controlling the server URL can deliver traversal payloads through the artifact_name or download_path fields, causing the client to overwrite sensitive files or expose arbitrary local files to an attacker-accessible location.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-47181 – PenguinMod-BackendApi: NoSQL Injection in Password Reset Endpoint Allows Account Takeover

CVE-2026-45176 – Idira Endpoint Privilege Manager Agent: Local Privilege Escalation via Internal Communication or File Operation Manipulation

CVE-2025-30431 – Apple macOS Information Disclosure

CVE-2025-24268 – Apple macOS Directory Traversal