CVE-2026-28373 · CRITICAL 9.6 · EPSS p33.6%

stackfield / stackfield

Description

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem.

Scoring

CVSS 3.1: 9.6 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.42% probability of exploitation · percentile 33.6% · 2026-06-18T12:00:27Z
Published: 2026-04-03
Last modified: 2026-06-02

Underlying weaknesses · 1

CWE-22

References

  1. https://www.rcesecurity.com/2026/03/stackfield-desktop-app-rce-via-path-traversal-and-arbitrary-file-write-cve-2026-28373/
  2. https://www.rcesecurity.com/advisories/cve-2026-28373/
  3. https://www.stackfield.com/desktop-apps

Type | Target | Confidence | Tier
Weakness | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-32684
  2. CVE-2026-28827
  3. CVE-2026-20688
  4. CVE-2026-7302
  5. CVE-2026-22557
  6. CVE-2026-11419

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.