Path Traversal Vulnerability in Heym File Upload Functionality
CVE-2026-45225

7.2HIGH

Key Information:

Vendor: Heymrun
Status: Heym
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-45225?

Heym versions prior to 0.0.21 are susceptible to a path traversal vulnerability in their file upload functionality. This issue allows authenticated users to conduct unauthorized file operations by manipulating the filename parameter with traversal sequences. Such exploitation can enable attackers to bypass security constraints, facilitating the reading, writing, or deletion of files outside the intended storage directory, potentially compromising the integrity and confidentiality of the system. Users and administrators should upgrade to Heym version 0.0.21 or later to mitigate this vulnerability.

Affected Version(s)

heym 0

heym 0 < 0.0.21

heym 835843e6d2bf7d018cbb8e50f28f0426eaa20c84

References

https://github.com/heymrun/heym/releases/tag/v0.0.21

release-notes

https://github.com/heymrun/heym/pull/92

issue-tracking

https://github.com/heymrun/heym/commit/835843e6d2bf7d018c...

patch

CVSS V4

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
May 11, 2026

Credit

Chia Min Jun Lennon

CVE-2026-45225 Data

JSON