Path Traversal Vulnerability in AIL Framework PDF Handling
CVE-2026-59510

7.1 HIGH

Key Information:

Vendor
CVE Published: 5 July 2026

Badges

👾 Exploit Exists

What is CVE-2026-59510?

The AIL Framework contains a path traversal vulnerability in its handling of PDF objects. The issue lies in the PDF.get_filepath() function, which accepts crafted identifiers from an authenticated attacker. By supplying relative traversal sequences or absolute path components, an attacker could access files outside the PDF storage directory. This may disclose sensitive information, including application configurations and credentials. The vulnerability has been addressed: the path is now canonicalized and verified, so that only paths within the designated PDF_FOLDER are accepted.
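The pattern described above, as an added example that is not AIL's own code: an unvalidated join next to a lookup that canonicalizes the path and verifies containment. `PDF_FOLDER` is the name used in the advisory; its location here, the function names `get_filepath_unsafe`, `get_filepath_checked` and `audit`, and all sample identifiers are hypothetical and constructed for the demo.

```python
import os
import tempfile

# Constructed layout: a storage root plus a config file outside it.
BASE = os.path.realpath(tempfile.mkdtemp(prefix="ail_demo_"))
PDF_FOLDER = os.path.join(BASE, "pdfs")  # name from the advisory, path hypothetical
os.makedirs(os.path.join(PDF_FOLDER, "ab"))
with open(os.path.join(PDF_FOLDER, "ab", "doc1"), "wb") as f:
    f.write(b"%PDF-1.4 constructed")
with open(os.path.join(BASE, "core.cfg"), "w") as f:
    f.write("password = constructed-secret\n")

def get_filepath_unsafe(obj_id):
    """Weak pattern: join the identifier to the root with no validation."""
    return os.path.join(PDF_FOLDER, obj_id)

def get_filepath_checked(obj_id):
    """Canonicalize, then verify the result is still inside PDF_FOLDER."""
    root = os.path.realpath(PDF_FOLDER)
    # realpath collapses ".." and resolves symlinks. An absolute obj_id makes
    # os.path.join discard the root; the containment check catches that too.
    candidate = os.path.realpath(os.path.join(root, obj_id))
    # commonpath compares whole components, so a sibling such as "pdfs-old"
    # is not mistaken for the root the way a string-prefix test would allow.
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"identifier escapes PDF_FOLDER: {obj_id!r}")
    return candidate

def audit(ids):
    """Map each identifier to 'ok' or 'rejected'."""
    result = {}
    for obj_id in ids:
        try:
            get_filepath_checked(obj_id)
            result[obj_id] = "ok"
        except ValueError:
            result[obj_id] = "rejected"
    return result

# Constructed identifiers: two legitimate, four that leave the root.
SAMPLE_IDS = ["ab/doc1", "ab/../ab/doc1", "../core.cfg", "ab/../../core.cfg",
              os.path.join(BASE, "core.cfg"), "../pdfs-old/x"]

if __name__ == "__main__":
    for obj_id, verdict in audit(SAMPLE_IDS).items():
        print(f"{verdict:9} {obj_id}")
```

Running the same `audit` over identifiers already stored or logged is a quick way to find requests that would have resolved outside the storage directory.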

Affected Version(s)

ail-framework Linux 0

References

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jeroen Pinoy
Aurelien Thirion