Vulnerabilities

Report: CVE-2026-46402 - Microsoft UFO uses untrusted task_name in log paths, allowing authenticated path

2026-05-28 0 views admin

CVE ID :CVE-2026-46402 Published : May 27, 2026, 11:16 p.m. | 14 minutes ago Description :Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled task_name value directly when constructing session log paths. An authenticated client can supply path traversal sequences in task_name and cause UFO to create log directories and log files outside the intended logs/ directory. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-46402

Severity

HIGH

Published

May 27, 2026

Affected Product: Microsoft UFO

Impact: path traversal

🏷️ Tags

report46402microsoftuntrustedtask_namepathsallowingauthenticatedcverce

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-46402 - Microsoft UFO uses untrusted task_name in log paths, allowing authenticated path

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-8915 - Samsung Escargot Out-of-Bounds Write Buffer Overflow - Expert Insights

Report: CVE-2026-4888 - Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <=

Report: Ultimate Guide: CVE-2026-21785 - HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Se...

Report: CVE-2026-47270 - pam_usb: strtok() race condition in multi-threaded PAM hosts can corrupt deny_re

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting