CVE-2026-28507
HIGH WAF: High
CVSS 7.2
Published: 2026-03-06
CWE-78
Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| withknown | known | up to 1.6.4 |
References
- github.com (Product, Release Notes)
- github.com (Exploit, Mitigation, Vendor Advisory)