Path Traversal Vulnerability in Postman API by Black Lantern Security
CVE-2026-12568

6.5 MEDIUM

Key Information:

Status
Vendor
CVE Published: 17 June 2026

What is CVE-2026-12568?

The postman_download module in the Postman API is susceptible to a path traversal vulnerability due to unsafe handling of the workspace name field. When a workspace is named with certain malicious characters, the module constructs an unintended file path, potentially allowing an attacker to write arbitrary files anywhere on the user's system. This occurs because the input is not sanitized before it is used to build the path, which can have serious implications for system integrity and security.
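The pattern described above, as an added example that is not the module's own code: a remotely supplied workspace name joined into an output path, next to a hardened form that accepts only a single path component and confirms the resolved path stays under the output root. The function names, the directory layout and the sample names are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Constructed sample names; only the first is a plain directory name.
SAMPLE_NAMES = ["Team Workspace", "../../outside", "/constructed/abs", "a/../../b"]


def unsafe_workspace_dir(output_root: Path, workspace_name: str) -> Path:
    # Vulnerable pattern: the name is joined as-is, so ".." segments or an
    # absolute name produce a path outside output_root.
    return output_root / workspace_name


def safe_workspace_dir(output_root: Path, workspace_name: str) -> Path:
    root = output_root.resolve()
    # Accept only a single, plain path component.
    if (not workspace_name or workspace_name in (".", "..")
            or any(c in workspace_name for c in ("/", "\\", "\x00"))):
        raise ValueError(f"unsafe workspace name: {workspace_name!r}")
    candidate = (root / workspace_name).resolve()
    # Defence in depth: a symlink inside the root could still redirect the
    # write, so require the resolved path to sit under the root.
    if root not in candidate.parents:
        raise ValueError(f"path escapes output root: {candidate}")
    return candidate


def audit(names):
    """Return {name: (unsafe_join_escapes_root, hardened_join_accepts)}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        for name in names:
            unsafe = unsafe_workspace_dir(root, name).resolve()
            escapes = root not in unsafe.parents
            try:
                safe_workspace_dir(root, name)
                accepted = True
            except ValueError:
                accepted = False
            results[name] = (escapes, accepted)
    return results


if __name__ == "__main__":
    for name, (escapes, accepted) in audit(SAMPLE_NAMES).items():
        print(f"{name!r}: unsafe join escapes root={escapes}, hardened accepts={accepted}")
```
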

Affected Version(s)

BBOT 2.1.0

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
