PatchSiren cyber security CVE debrief
CVE-2026-57389 Adrian Tobey CVE debrief
CVE-2026-57389 is a Path Traversal vulnerability in Groundhogg plugin versions up to 4.4.1. This issue allows for Path Traversal attacks and has a CVSS score of 8.6, classified as HIGH severity. Users of Groundhogg plugin versions up to 4.4.1 should apply patches or mitigations. The vulnerability affects Groundhogg versions from n/a through <= 4.4.1.
- Vendor
- Adrian Tobey
- Product
- Groundhogg
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of Groundhogg plugin versions up to 4.4.1 should apply patches or mitigations. Affected operator, platform, vulnerability-management, and security-team impact should be reviewed. Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Technical summary
CVE-2026-57389 is an Improper Limitation of a Pathname to a Restricted Directory vulnerability in the Groundhogg plugin. This issue allows for Path Traversal attacks and affects Groundhogg versions from n/a through <= 4.4.1. The vulnerability has a CVSS score of 8.6 and is classified as HIGH severity. Users should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Defensive priority
High priority due to high CVSS score and potential for Path Traversal attacks.
Recommended defensive actions
- Apply patches or updates to Groundhogg plugin versions up to 4.4.1
- Implement mitigations or compensating controls to prevent Path Traversal attacks
- Monitor for suspicious activity or potential exploitation attempts
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
Evidence is limited; verify affected versions and apply patches or mitigations. Groundhogg plugin versions up to 4.4.1 are affected. Users should confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Official resources
-
CVE-2026-57389 CVE record
CVE.org
-
CVE-2026-57389 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:32.160Z and has not been modified since then.