SB2026042407 - Relative Path Traversal in Text Generation Web UI



SB2026042407 - Relative Path Traversal in Text Generation Web UI

Published: April 24, 2026

Security Bulletin ID SB2026042407
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Relative Path Traversal (CVE-ID: CVE-2025-62364)

CWE-ID: CWE-23 - Relative Path Traversal

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper neutralization of file paths in the character picture upload feature when processing an uploaded symbolic link file. A remote attacker can upload a crafted .txt file containing a symbolic link and access the uploaded file URL to disclose sensitive information.

The issue can expose server files such as system configuration files and credentials.


Remediation

Install update from vendor's website.