File Manipulation Vulnerability in Mockoon API Design Tool
CVE-2026-59149
6.5MEDIUM
What is CVE-2026-59149?
Prior to version 9.7.0, Mockoon was vulnerable to a file manipulation issue where a FILE response could potentially allow unauthenticated clients to access files outside of the intended directory. The vulnerability arose from the inadequate restriction of file paths processed by the server, permitting traversal through sibling directories. This flaw could be exploited to read sensitive files by leveraging HTTP response mechanisms or WebSocket callbacks, underscoring the necessity for version upgrades to ensure file access integrity.
Affected Version(s)
mockoon < 9.7.0
