CVE-2026-5966
published 2026-04-20
CVE-2026-5966: ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path…
Priority P353 · high · 8.1 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:H
EPSS: 0.41% (32.7th percentile)
ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| teamt5 | threatsonar_anti-ransomware | < 4.0.0 | 4.0.0 |
| teamt5 | threatsonar_anti-ransomware | <= 4.0.0 | — |
| wwbn | avideo | 0 – 26.0 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| nvd | v4.0 | 7.2 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-544v-v93w-x43g: ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability
ghsa_unreviewed·2026-04-20
CVE-2026-5966 [HIGH] CWE-23 GHSA-544v-v93w-x43g: ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability
VulDB
TeamT5 ThreatSonar Anti-Ransomware up to 4.0.0 path traversal (EUVD-2026-23799)
vuldb·2026-04-20·CVSS 7.2
CVE-2026-5966 [HIGH] TeamT5 ThreatSonar Anti-Ransomware up to 4.0.0 path traversal (EUVD-2026-23799)
A vulnerability, which was classified as problematic, was found in TeamT5 ThreatSonar Anti-Ransomware up to 4.0.0. This impacts an unknown function. The manipulation results in relative path traversal.
This vulnerability is known as CVE-2026-5966. It is possible to launch the attack remotely. No exploit is available.
GHSA
AVideo has an unauthenticated decrypt oracle leaking any ciphertext
ghsa·2026-03-20
CVE-2026-33512 [HIGH] CWE-287 AVideo has an unauthenticated decrypt oracle leaking any ciphertext
### Summary
The API plugin exposes a `decryptString` action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly (e.g., `view/url2Embed.json.php`), so any user can recover protected tokens/metadata. Severity: High.
### Details
- Entry: `plugin/API/get.json.php` is unauthenticated.
- Handler: `plugin/API/API.php` `get_api_decryptString()` (lines ~5945–5966):
```php
$string = decryptString($_REQUEST['string']);
return new ApiObject($string, empty($string));
```
No APISecret or user check occurs before decrypting.
- Public ciphertext source: `view/url2Embed.json.php` returns `playLink`/`playEmbedLink` (`encryptString(json_encode(...))`) to any caller.
### PoC
1. Obta
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-04-20