Path Traversal Vulnerability in AIL Framework PDF Handling
CVE-2026-59510
7.1 HIGH
What is CVE-2026-59510?
The AIL Framework has a path traversal vulnerability in its handling of PDF objects. The issue is in the PDF.get_filepath() function, which lets an authenticated attacker supply crafted identifiers. By using relative traversal sequences or absolute path components in an identifier, an attacker could access files outside the secured PDF storage directory. This may disclose sensitive information, including application configuration and credentials. The vulnerability has been addressed by canonicalizing the path and verifying it, so that only paths within the designated PDF_FOLDER are accepted.
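The fix described above (canonicalize the path, then verify it is still inside PDF_FOLDER), shown beside the unchecked join it replaces. This is an added Python example, not AIL's own code: the function names, the temporary-directory value given to PDF_FOLDER and the sample identifiers are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: stand-in for the framework's PDF_FOLDER setting (constructed path).
PDF_FOLDER = os.path.join(tempfile.gettempdir(), "ail_example", "pdfs")


def get_filepath_unsafe(pdf_id):
    """Unchecked pattern: the identifier is joined to the base directory as-is."""
    # os.path.join discards PDF_FOLDER entirely when pdf_id is absolute, and
    # ".." components are left for the OS to resolve when the file is opened.
    return os.path.join(PDF_FOLDER, pdf_id)


def get_filepath_safe(pdf_id):
    """Canonicalize first, then verify the result is still inside PDF_FOLDER."""
    base = os.path.realpath(PDF_FOLDER)
    # realpath collapses ".." and resolves symlinks, so the check below sees
    # the location the OS would actually open.
    candidate = os.path.realpath(os.path.join(base, pdf_id))
    # commonpath compares whole components, so a sibling such as "pdfs_backup"
    # is not mistaken for a child of "pdfs" (a bare startswith() would be).
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"identifier escapes PDF_FOLDER: {pdf_id!r}")
    return candidate


def is_accepted(pdf_id):
    """True when the hardened lookup accepts the identifier."""
    try:
        get_filepath_safe(pdf_id)
        return True
    except ValueError:
        return False


# Constructed identifiers: one legitimate, three that leave the storage folder.
SAMPLES = ["ab/cd/ef0123.pdf", "../../config/app.cfg",
           "/etc/hostname", "../pdfs_backup/x.pdf"]

if __name__ == "__main__":
    for s in SAMPLES:
        resolved = os.path.normpath(get_filepath_unsafe(s))
        verdict = "accepted" if is_accepted(s) else "rejected"
        print(f"{s!r:26} unchecked -> {resolved}  hardened -> {verdict}")
```

The last sample is the case a plain string-prefix comparison gets wrong, which is why the containment check works on path components.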
Affected Version(s)
ail-framework Linux 0
CVSS V4
Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
Credit
Jeroen Pinoy
Aurelien Thirion
