Skip to content
CVSS 7.3 · HIGH

CVE-2026-7214

A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function read_file/write_file/list_files/file_inf of the file src/server.py. The manipulation of the argument WORKSPACE_PATH leads to path traversal. The attack may be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Ver en NVD

Análisis

This vulnerability affects a niche Python project called engineer-your-data, allowing for remote path traversal via the WORKSPACE_PATH argument. While the impact is high and an exploit is public, the project lacks significant adoption or relevance to the broader development community in Mexico.

Severidad

Puntaje: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Tipo de falla (CWE): CWE-22

EPSS

Probabilidad de explotación (próx. 30 días): 0.0006 (0.1%)
Percentil: 17.3%
EPSS: 2026-05-06

Descripción técnica

A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function read_file/write_file/list_files/file_inf of the file src/server.py. The manipulation of the argument WORKSPACE_PATH leads to path traversal. The attack may be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Publicada: 28/4/2026, 2:16:08
Última modificación: 29/4/2026, 1:00:01

Referencias

InicioEventosBlogRecursosEquipo