Directory Traversal Vulnerability in Cloudreve File Management System
CVE-2026-54563

7.1HIGH

Key Information:

Vendor

Cloudreve

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-54563?

A directory traversal vulnerability in Cloudreve, a self-hosted file management system, allows attackers to bypass defined directory restrictions. Affected versions prior to 4.16.1 permit unauthorized access to sensitive files outside of the configured folder through manipulated WebDAV requests. By exploiting this weakness, attackers using scoped credentials can read, list, and even modify files outside their designated access, posing serious security risks. The vulnerability has been addressed in version 4.16.1, which is recommended for all users to mitigate any associated risks.

Affected Version(s)

cloudreve < 4.16.1

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.