PatchSiren cyber security CVE debrief
CVE-2026-49112 Tammersoft CVE debrief
CVE-2026-49112 is a HIGH severity vulnerability (CVSS Score: 7.5) in the Shared Files plugin, affecting versions <= 1.7.64. The vulnerability allows unauthenticated path traversal. The CVE was published on 2026-06-15T21:17:20.990Z and last modified on 2026-06-15T21:24:32.790Z.
- Vendor
- Tammersoft
- Product
- Shared Files
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Shared Files plugin versions <= 1.7.64 should apply patches or mitigations to prevent unauthenticated path traversal attacks.
Technical summary
The vulnerability is caused by an unauthenticated path traversal issue in the Shared Files plugin. This could allow attackers to access sensitive files or data.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates to Shared Files plugin versions <= 1.7.64.
- Refer to [ref-4](https://patchstack.com/database/wordpress/plugin/shared-files/vulnerability/wordpress-shared-files-plugin-1-7-64-path-traversal-vulnerability?_s_id=cve) for mitigation or vendor reference.
Evidence notes
The CVE record [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-49112) and NVD detail [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-49112) provide additional information on this vulnerability.
Official resources
-
CVE-2026-49112 CVE record
CVE.org
-
CVE-2026-49112 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-49112 was published on 2026-06-15T21:17:20.990Z and last modified on 2026-06-15T21:24:32.790Z.