Authenticated File Write Vulnerability in Bugsink Error Tracking Tool
CVE-2026-40162

7.1HIGH

Key Information:

Vendor: Bugsink
Status: Bugsink
Vendor: CVE Published:; 10 April 2026

What is CVE-2026-40162?

Bugsink 2.1.0, a self-hosted error tracking tool, contains an authenticated file write vulnerability within its artifact bundle assembly flow. This security flaw allows an authenticated user, possessing a valid authentication token, to manipulate the application into writing malicious content to locations on the filesystem that are writable by the Bugsink process. This issue has been resolved in the subsequent release, Bugsink 2.1.1, which addresses the threat and enhances overall security.

Affected Version(s)

bugsink >= 2.1.0, < 2.1.1

References

https://github.com/bugsink/bugsink/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/bugsink/bugsink/releases/tag/2.1.1

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2026
Vulnerability Reserved
Apr 9, 2026

CVE-2026-40162 Data

JSON