External Control of File Name or Path

CVE-2026-43891

High

7.5/10

Summary

The vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. This affects versions prior to 0.55.1.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-73 - External Control of File Name or Path

The software allows user input to control or influence paths or file names that are used in filesystem operations.

References

Advisory

Advisory Timeline

Published May 12, 2026

External Control of File Name or Path

CVE-2026-43891

Summary

CWE-73 - External Control of File Name or Path

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS