A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used.
A path traversal vulnerability in Vertex, a management tool for Private Tracker (PT) users, allows unauthorized file system access. The vulnerability exists in versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11. The CVSS 3.1 score of 8.6 (HIGH) reflects network attackability with no required privileges or user interaction, yielding high confidentiality impact and low integrity/availability [truncated]