Path Traversal Vulnerability in Rawchen Sims Remote File Deletion
CVE-2026-7024

5.3 MEDIUM

Key Information:

Vendor

Rawchen

Status
Vendor
CVE Published:
26 April 2026

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2026-7024?

A path traversal vulnerability exists in Rawchen Sims affecting the deleteFileServlet endpoint. This flaw enables an attacker to manipulate the filename argument, potentially leading to unauthorized file deletion. The issue can be exploited remotely, allowing attackers to gain unauthorized access to the filesystem. Since the product does not use versioning, specific details about affected versions remain unclear. Early notifications to the vendor went unanswered, raising concerns about the urgency of remediation.

Affected Version(s)

sims 004f783b1db5ecdfad81c8fdc3b34171211112de

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

yingxiujie (VulDB User)
VulDB CNA Team