4ga Boards: Import Path Traversal Leads to Arbitrary File Read

7.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Description

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be downloaded through the normal application interface, resulting in unauthorized local file disclosure. This vulnerability is fixed in 3.3.5.

Basic Information

ID CVE-2026-41419

Source GitHub_M

Published Apr 24, 2026 at 18:50

Affected Product

Vendor RARgames

Product 4gaBoards

Version < 3.3.5

Affected Versions RARgames 4gaBoards < 3.3.5

CWE Classification

CWE-22

References

github.com /RARgames/4gaBoards/security/advisories/GHSA-rrjq-7x8g-cmgm

{
    "lastseen": "",
    "description": "4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be downloaded through the normal application interface, resulting in unauthorized local file disclosure. This vulnerability is fixed in 3.3.5.",
    "published": "2026-04-24T18:50:44.763Z",
    "modified": "2026-04-24T18:50:44.763Z",
    "type": "cve",
    "title": "4ga Boards: Import Path Traversal Leads to Arbitrary File Read",
    "source": "GitHub_M",
    "references": "https://github.com/RARgames/4gaBoards/security/advisories/GHSA-rrjq-7x8g-cmgm",
    "id": "CVE-2026-41419",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "RARgames 4gaBoards < 3.3.5",
    "sourceHref": "",
    "cvss": {
        "score": 7.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "4gaBoards",
    "version": "< 3.3.5",
    "vendor": "RARgames",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

4ga Boards: Import Path Traversal Leads to Arbitrary File Read_CVE-2026-41419