CVE-2026-26002
Received - Intake
Directory Traversal Vulnerability in Open OnDemand Files Application

Publication date: 2026-03-04

Last updated on: 2026-03-18

Assigner: GitHub, Inc.

Description
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible.
Meta Information
Published: 2026-03-04
Last Modified: 2026-03-18
Generated: 2026-05-07
AI Q&A: 2026-03-05
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 3 associated CPEs

| Vendor | Product | Version / Range |
| --- | --- | --- |
| osc | open_ondemand | to 3.1.16 (exc) |
| osc | open_ondemand | From 4.0.0 (inc) to 4.0.9 (exc) |
| osc | open_ondemand | From 4.1.0 (inc) to 4.1.3 (exc) |

| CWE ID | Description |
| --- | --- |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |

AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability exists in the Files application of Open OnDemand versions prior to 4.0.9 and 4.1.3. It is caused by the application being susceptible to malicious input when navigating to a directory. This means that an attacker could potentially exploit the way the application handles directory navigation inputs to cause unintended behavior or compromise.

This issue has been fixed in versions 4.0.9 and 4.1.3, so only versions below these remain vulnerable.


How can this vulnerability impact me?

Exploitation of this vulnerability could allow an attacker to leverage malicious input during directory navigation to potentially disrupt the application or gain unauthorized access or control within the Open OnDemand portal environment.

Given the CVSS base score of 6.3, the impact is considered moderate, indicating that the vulnerability could lead to significant but not critical consequences if exploited.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade Open OnDemand to version 4.0.9 or 4.1.3 or later, as these versions contain the patch that fixes the issue.

Versions prior to 4.0.9 and 4.1.3 remain susceptible, so running those versions should be avoided.

