PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57389 Adrian Tobey CVE debrief

CVE-2026-57389 is a Path Traversal vulnerability in Groundhogg plugin versions up to 4.4.1. This issue allows for Path Traversal attacks and has a CVSS score of 8.6, classified as HIGH severity. Users of Groundhogg plugin versions up to 4.4.1 should apply patches or mitigations. The vulnerability affects Groundhogg versions from n/a through <= 4.4.1.

Vendor
Adrian Tobey
Product
Groundhogg
CVSS
HIGH 8.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of Groundhogg plugin versions up to 4.4.1 should apply patches or mitigations. Affected operator, platform, vulnerability-management, and security-team impact should be reviewed. Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Technical summary

CVE-2026-57389 is an Improper Limitation of a Pathname to a Restricted Directory vulnerability in the Groundhogg plugin. This issue allows for Path Traversal attacks and affects Groundhogg versions from n/a through <= 4.4.1. The vulnerability has a CVSS score of 8.6 and is classified as HIGH severity. Users should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.

Defensive priority

High priority due to high CVSS score and potential for Path Traversal attacks.

Recommended defensive actions

  • Apply patches or updates to Groundhogg plugin versions up to 4.4.1
  • Implement mitigations or compensating controls to prevent Path Traversal attacks
  • Monitor for suspicious activity or potential exploitation attempts
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

Evidence is limited; verify affected versions and apply patches or mitigations. Groundhogg plugin versions up to 4.4.1 are affected. Users should confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:32.160Z and has not been modified since then.