Path Traversal Vulnerability in Rockwell Automation ThinManager Software
CVE-2026-11917
7.2HIGH
Key Information:
- Vendor
Rockwell Automation
- Status
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2026-11917?
A path traversal security issue has been identified in Rockwell Automation's ThinManager software, arising from improper constraints on file save operations within its API. This vulnerability could allow an authenticated attacker to exploit the API and write arbitrary files to restricted directories outside the intended application directory. As a consequence, this could potentially lead to unauthorized access, data breaches, or manipulation of critical system files. It is essential for users of ThinManager to be aware of this vulnerability and take necessary precautions to safeguard their systems.
Affected Version(s)
FactoryTalk ThinManager 13.0.0 β 13.0.7, 13.1.0 β 13.1.5, 13.2.0 β 13.2.4, 14.0.0 β 14.0.2