CVE-2026-41465
Deferred Deferred - Pending Action
Path Traversal in ProjeQtor Log Viewer Allows Arbitrary File Read

Publication date: 2026-04-27

Last updated on: 2026-05-26

Assigner: VulnCheck

Description
ProjeQtor versions 7.0 through 12.4.3 contain a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequences before constructing file paths. Authenticated attackers can inject directory traversal sequences ../ into the logname parameter to read arbitrary .log files accessible to the web server process on the filesystem.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-27
Last Modified
2026-05-26
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-41465
EUVD
EUVD-2026-25868
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
projeqtor projeqtor From 7.0 (inc) to 12.4.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows authenticated attackers to read arbitrary log files on the server by exploiting a path traversal flaw. Such unauthorized access to potentially sensitive log data can lead to confidentiality breaches.

Confidentiality breaches caused by this vulnerability may impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive information and proper access controls to prevent unauthorized data disclosure.

Executive Summary

CVE-2026-41465 is a path traversal vulnerability affecting ProjeQtor versions 7.0 through 12.4.3. It exists in the log file viewer component within the dynamicDialog.php file. The vulnerability occurs because the "logname" parameter is not properly validated to block directory traversal sequences such as "../". This allows authenticated attackers to inject these sequences into the parameter, enabling them to access and read arbitrary .log files on the server's filesystem that the web server process can access.

Impact Analysis

This vulnerability can impact you by allowing an authenticated attacker to read sensitive log files on the server. Since the attacker can access arbitrary .log files, they might obtain confidential information contained within those logs, such as system details, user activities, or other sensitive data. This compromises the confidentiality of your system's information and could potentially aid further attacks or data breaches.

Mitigation Strategies

The vulnerability exists because the logname parameter in dynamicDialog.php is not validated against directory traversal sequences, allowing authenticated attackers to read arbitrary .log files.

Immediate mitigation steps include restricting access to the dynamicDialog.php log file viewer to trusted users only, ensuring that only authenticated users with minimal privileges can access it.

Additionally, monitor and restrict web server file permissions to limit access to sensitive log files.

Applying any available patches or updates from ProjeQtor that address this vulnerability is also recommended.

Detection Guidance

This vulnerability can be detected by checking if the dynamicDialog.php file's log file viewer is accessible and if the logname parameter is vulnerable to directory traversal sequences such as "../".

A practical approach is to attempt to access arbitrary log files by sending HTTP requests with crafted logname parameters containing directory traversal sequences.

For example, you can use curl commands to test the vulnerability by trying to read sensitive log files:

  • curl -u <username>:<password> "http://<target>/dynamicDialog.php?logname=../../../../etc/passwd"
  • curl -u <username>:<password> "http://<target>/dynamicDialog.php?logname=../../../../var/log/apache2/access.log"

Replace <username>, <password>, and <target> with appropriate values. Successful retrieval of file contents indicates the presence of the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41465. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart