Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

rickknowles

Source -

CNA

BOS Name -

N/A

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
1Vulnerabilities found

CVE-2026-56122
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.38% / 29.65%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:34
Updated-25 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Winstone Servlet Engine 0.9.10 Path Traversal via HTTP Request Paths

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traverse outside the webroot directory using traversal-prefixed paths in a single HTTP request to read any file accessible to the servlet engine process, including sensitive system files when the service runs with elevated privileges.

Action-Not Available
Vendor-rickknowles
Product-Winstone Servlet Container
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')