CVE-2026-2692

MEDIUM WAF: High
CVSS 6.5 Published: 2026-02-19
CWE-22

A vulnerability was found in CoCoTeaNet CyreneAdmin up to 1.3.0. This affects an unknown part of the file /api/system/user/getAvatar of the component Image Handler. Performing a manipulation of the argument Avatar results in path traversal. The attack can be initiated remotely. The exploit has been made public and could be used.

WAF Coverage Analysis

Path Traversal High WAF Coverage

OWASP: A01:2021 Broken Access Control

930xxx - Local File Inclusion

Affected Software

VendorProductVersion
cocoteanetcyreneadminup to 1.3.0

References

  • vuldb.com (Permissions Required, VDB Entry)
  • vuldb.com (Third Party Advisory, VDB Entry)
  • vuldb.com (Exploit, Third Party Advisory, VDB Entry)
Back to CVE Database