adenhq hive Delete Request routes_sessions.py _read_events_tail path traversal_CVE-2026-8757

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-8757

Source VulDB

Published May 17, 2026 at 13:15

Affected Product

Vendor adenhq

Product hive

Version 0.1

Affected Versions adenhq hive 0.1
adenhq hive 0.2
adenhq hive 0.3
adenhq hive 0.4
adenhq hive 0.5
adenhq hive 0.6
adenhq hive 0.7
adenhq hive 0.8
adenhq hive 0.9
adenhq hive 0.10
adenhq hive 0.11.0

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-05-17T13:15:09.780Z",
    "modified": "2026-05-17T13:15:09.780Z",
    "type": "cve",
    "title": "adenhq hive Delete Request routes_sessions.py _read_events_tail path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/364384\nhttps://vuldb.com/vuln/364384/cti\nhttps://vuldb.com/submit/811276\nhttps://gist.github.com/YLChen-007/ff3ff201b05d13d41f949f86e9187bd2",
    "id": "CVE-2026-8757",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "adenhq hive 0.1\nadenhq hive 0.2\nadenhq hive 0.3\nadenhq hive 0.4\nadenhq hive 0.5\nadenhq hive 0.6\nadenhq hive 0.7\nadenhq hive 0.8\nadenhq hive 0.9\nadenhq hive 0.10\nadenhq hive 0.11.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "hive",
    "version": "0.1",
    "vendor": "adenhq",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}