CNNVD-202601-4461 Information

CNNVD ID

CNNVD-202601-4461

Related CVE

CVE-2026-24741

• CNNVD Published: 2026-01-27

Description (Chinese)

ConvertX是ConvertX公司的一个文件格式转换工具。 ConvertX 0.17.0之前版本存在路径遍历漏洞，该漏洞源于POST /delete端点使用用户控制的文件名值构造文件系统路径并删除，可能导致任意文件删除。

Description (English)

ConvertX is a file formatting tool for ConvertX. There is a loophole in the pre-ConvertX 0.17.0, which stems from the use of user-controlled filenames at the POST/delete end to construct and remove a file system path, which may lead to the deletion of any file.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

ConvertX

Published

2026-01-27

Last Modified

2026-02-24

References

https://github.com/C4illin/ConvertX/commit/7a936bdc0463936463616381ca257b13babc5e77 https://github.com/C4illin/ConvertX/security/advisories/GHSA-w372-w6cr-45jp https://access.redhat.com/security/cve/cve-2026-24741

Patch

https://github.com/C4illin/ConvertX/releases