CVE Catalog
CVE-2026-36500
CriticalCVSS 9.1Summary
An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request.
Risk Assessment
Attackers may gain access to unauthorized files in the system, potentially leading to the exposure of sensitive data.
Recommendation
It is recommended to upgrade to the latest version of Controller to mitigate this vulnerability and to monitor logs for potential attack attempts.
Original NVD description (English source)
An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request.

