Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-7086
PUBLISHED
More InfoOfficial Page
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
View Known Exploited Vulnerability (KEV) details
Published At-27 Apr, 2026 | 04:15
Updated At-27 Apr, 2026 | 11:22
Rejected At-
▼CVE Numbering Authority (CNA)
HBAI-Ltd Toonflow-app Storyboard Export replaceUrl.ts updateStoryboardUrl path traversal

A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly available and might be used. It is still unclear if this vulnerability genuinely exists. The vendor explains in a reply to the issue report, that "[t]he URL of this interface is designed to only be a local address or a trusted domain address configured in docker, and will not contain malicious links, unless the user modifies the code causing unexpected situations."

Affected Products
Vendor
HBAI-Ltd
Product
Toonflow-app
Modules
  • Storyboard Export
Versions
Affected
  • 1.1.0
  • 1.1.1
Problem Types
TypeCWE IDDescription
CWECWE-22Path Traversal
Type: CWE
CWE ID: CWE-22
Description: Path Traversal
Metrics
VersionBase scoreBase severityVector
4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C
3.04.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C
2.04.0N/A
AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:C
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C
Version: 3.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C
Version: 2.0
Base score: 4.0
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
Yu-Bao (VulDB User)
coordinator
VulDB CNA Team
Timeline
EventDate
Advisory disclosed2026-04-26 00:00:00
VulDB entry created2026-04-26 02:00:00
VulDB entry last update2026-04-26 10:21:42
Event: Advisory disclosed
Date: 2026-04-26 00:00:00
Event: VulDB entry created
Date: 2026-04-26 02:00:00
Event: VulDB entry last update
Date: 2026-04-26 10:21:42
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/vuln/359661
vdb-entry
technical-description
https://vuldb.com/vuln/359661/cti
signature
permissions-required
https://vuldb.com/submit/799584
third-party-advisory
https://github.com/HBAI-Ltd/Toonflow-app/issues/97
exploit
issue-tracking
https://github.com/HBAI-Ltd/Toonflow-app/issues/97#issuecomment-4208207717
issue-tracking
https://github.com/HBAI-Ltd/Toonflow-app/
product
Hyperlink: https://vuldb.com/vuln/359661
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/vuln/359661/cti
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/submit/799584
Resource:
third-party-advisory
Hyperlink: https://github.com/HBAI-Ltd/Toonflow-app/issues/97
Resource:
exploit
issue-tracking
Hyperlink: https://github.com/HBAI-Ltd/Toonflow-app/issues/97#issuecomment-4208207717
Resource:
issue-tracking
Hyperlink: https://github.com/HBAI-Ltd/Toonflow-app/
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found