File Manipulation Vulnerability in Mockoon API Design Tool
CVE-2026-59149

6.5MEDIUM

Key Information:

Vendor

Mockoon

Status
Vendor
CVE Published:
9 July 2026

What is CVE-2026-59149?

Prior to version 9.7.0, Mockoon was vulnerable to a file manipulation issue where a FILE response could potentially allow unauthenticated clients to access files outside of the intended directory. The vulnerability arose from the inadequate restriction of file paths processed by the server, permitting traversal through sibling directories. This flaw could be exploited to read sensitive files by leveraging HTTP response mechanisms or WebSocket callbacks, underscoring the necessity for version upgrades to ensure file access integrity.

Affected Version(s)

mockoon < 9.7.0

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.