HIGH
Webkul
CVE published 2026-06-08
CVE-2026-9506
CVE-2026-9506 is a high-severity path traversal vulnerability in the ImageCacheController component of Bagisto. This vulnerability, with a CVSS score of 8.7, allows an unauthenticated remote attacker to access arbitrary files outside the intended directory by sending crafted path traversal sequences through the filename parameter. Successful exploitation could enable an attacker to read arbitrary sensitiv [truncated]