Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-wqut-1edy-g7de
Summary
This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files outside the intended directory on the targeted system.

Successful exploitation of this vulnerability could allow an attacker to read arbitrary sensitive files on the targeted system.
Aliases
0
alias CVE-2026-9506
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-9506
reference_id
reference_type
scores
0
value 0.00114
scoring_system epss
scoring_elements 0.29668
published_at 2026-06-11T12:55:00Z
1
value 0.00114
scoring_system epss
scoring_elements 0.29865
published_at 2026-06-12T12:55:00Z
2
value 0.00114
scoring_system epss
scoring_elements 0.29881
published_at 2026-06-13T12:55:00Z
3
value 0.0015
scoring_system epss
scoring_elements 0.35563
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-9506
1
reference_url https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0292
reference_id s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0292
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-08T10:21:56Z/
url https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0292
Weaknesses
0
cwe_id 22
name Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Exploits
Severity_range_score 8.7 - 8.7
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqut-1edy-g7de