CVE-2026-49009
Directory Traversal in Mender Server
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| northerntech | mender_server | to 4.1.1 (exc) |
| northerntech | mender_server | to 4.0.1 (inc) |
| northerntech | mender_server | to 4.0.2 (inc) |
| northern.tech | mender_server | to 4.1.1 (exc) |
| northern.tech | mender_server | to 4.0.1 (inc) |
| northern.tech | mender_server | 4.1.1 |
| northern.tech | mender_server | 4.0.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Directory Traversal issue found in Northern.tech Mender Server versions 4.1.0, 4.0.1 and earlier. Directory Traversal allows an attacker to access files and directories that are stored outside the intended directory, potentially exposing sensitive information or system files.
How can this vulnerability impact me? :
Exploitation of this Directory Traversal vulnerability could allow an attacker to read or access files on the server that should be restricted. This could lead to unauthorized disclosure of sensitive data, compromise of system integrity, or further attacks leveraging the accessed information.