CVE-2026-12568
Published 2026-06-17
Priority P3 · 38 · CVSS 3.1 base score 6.5 (Medium)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS: 0.25% (percentile 16.3)
The postman_download module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker to write arbitrary files to the user's system.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| black_lantern_security | bbot | >= 2.1.0 < 2.8.6 | 2.8.6 |
| black_lantern_security | bbot | >= 2.1.0 <= 2.8.5 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
| cvelistv5 | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
GHSA
BBOT: Arbitrary File Write in postman_download Module
ghsa · 2026-06-18 · CVE-2026-12568 · MEDIUM · CWE-125
The `postman_download` module uses the workspace `name` field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker to write arbitrary files to the user's system.
Note that the GHSA record tags this CWE-125 (Out-of-bounds Read), which does not describe an unsanitized path join; the CVEList record's CWE-22 (Path Traversal) is the classification that matches the behaviour described.
CVEList
Arbitrary File Write in postman_download module
cvelistv5 · 2026-06-17 · CVSS 6.5 · CVE-2026-12568 · MEDIUM · CWE-22
The postman_download module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker to write arbitrary files to the user's system.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.