CVE-2026-6057
published 2026-04-10CVE-2026-6057: FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files…
PriorityP268critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.93%
56.0th percentile
FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| falkordb | falkordb_browser | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
FalkorDB Browser 1.9.3 File Upload API path traversal
vuldb·2026-05-20·CVSS 9.8
CVE-2026-6057 [CRITICAL] FalkorDB Browser 1.9.3 File Upload API path traversal
A vulnerability was found in FalkorDB Browser 1.9.3. It has been classified as critical. This affects an unknown part of the component File Upload API. This manipulation causes path traversal.
The identification of this vulnerability is CVE-2026-6057. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to install a patch to address this issue.
GHSA
GHSA-2987-f6gf-82vj: FalkorDB Browser 1
ghsa_unreviewed·2026-04-10
CVE-2026-6057 [CRITICAL] CWE-22 GHSA-2987-f6gf-82vj: FalkorDB Browser 1
FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-10
Published