Directory Traversal Vulnerability in Cloudreve File Management System
CVE-2026-54563
7.1HIGH
What is CVE-2026-54563?
A directory traversal vulnerability in Cloudreve, a self-hosted file management system, allows attackers to bypass defined directory restrictions. Affected versions prior to 4.16.1 permit unauthorized access to sensitive files outside of the configured folder through manipulated WebDAV requests. By exploiting this weakness, attackers using scoped credentials can read, list, and even modify files outside their designated access, posing serious security risks. The vulnerability has been addressed in version 4.16.1, which is recommended for all users to mitigate any associated risks.
Affected Version(s)
cloudreve < 4.16.1
