CVE-2026-9506EPSS p36.0%

CVE-2026-9506CVE-2026-9506

Description

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files outside the intended directory on the targeted system. Successful exploitation of this vulnerability could allow an attacker to read arbitrary sensitive files on the targeted system.

Scoring

EPSS0.46% probability of exploitation · percentile 36.0% · 2026-06-19T12:03:05Z
Last modified2026-06-08

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-5027
CVE
CVE-2026-0805
CVE
CVE-2026-0963
CVE
CVE-2025-24937
CVE
CVE-2025-3365
CVE
CVE-2025-60946
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.