CVE-2026-4044 | projectsend up to r1945 Delete /import-orphans.php realpath files[] path traversal

A vulnerability marked as critical has been reported in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a manipulation of the argument files[] results in path traversal.

This vulnerability is known as CVE-2026-4044. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More