Path Traversal Vulnerability in 4ga Boards by RARgames
CVE-2026-41419

7.6HIGH

Key Information:

Vendor: Rargames
Status: 4gaboards
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-41419?

The path traversal vulnerability in 4ga Boards prior to version 3.3.5 permits authenticated users with board import permissions to exploit file upload functionality. This flaw allows the server to ingest arbitrary host files as attachments during the import of BOARDS archives. Consequently, once the files are imported, they can be accessed and downloaded via the application's standard interface, which leads to unauthorized disclosure of sensitive files present on the server. This vulnerability is addressed in version 3.3.5 of 4ga Boards.

Affected Version(s)

4gaBoards < 3.3.5

References

https://github.com/RARgames/4gaBoards/security/advisories...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Apr 20, 2026

CVE-2026-41419 Data

JSON

Rargames

What is CVE-2026-41419?

Affected Version(s)

References

CVSS V3.1

Timeline