CVE-2026-6057 · CRITICAL 9.8 · EPSS p55.8%

Description

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.93% probability of exploitation · percentile 55.8% · 2026-06-19T12:03:05Z
Published: 2026-04-10
Last modified: 2026-05-19

Underlying weaknesses · 1

CWE-22

References

  1. https://github.com/FalkorDB/falkordb-browser
  2. https://github.com/FalkorDB/falkordb-browser/pull/1611


Type | Target | Confidence | Tier
Weakness | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-21628
  2. CVE-2026-2701
  3. CVE-2026-39292
  4. CVE-2026-5027
  5. CVE-2025-57790
  6. CVE-2025-41735

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.