CNNVD-202602-536 Information

CNNVD ID

CNNVD-202602-536

Related CVE

CVE-2026-25575

• CNNVD Published: 2026-02-04

Description (Chinese)

NavigaTUM是TUM Developers开源的一个导航工具软件。 NavigaTUM 86f34c7之前版本存在安全漏洞，该漏洞源于propose_edits端点未清理文件路径，可能导致路径遍历和文件覆盖。

Description (English)

NavigaTUM is a navigation tool software for the TUM Developments Open Source. The previous version of NavigaTUM 86f34c7 had a security loophole, which stemmed from the uncleaned file path of the propose edits endpoint, which could lead to a routing and file overlay.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

TUM Developers

Published

2026-02-04

Last Modified

2026-02-24

References

https://github.com/TUM-Dev/NavigaTUM/commit/86f34c72886a59ec8f1e6c00f78a5ab889a70fd0 https://github.com/TUM-Dev/NavigaTUM/pull/2650 https://github.com/TUM-Dev/NavigaTUM/security/advisories/GHSA-59hj-f48w-hjfm

Patch

https://nav.tum.de/