CVE-2026-4233 | ThingsGateway 12 /api/file/download fileName path traversal

A vulnerability was found in ThingsGateway 12. It has been rated as critical. This affects an unknown part of the file /api/file/download. The manipulation of the argument fileName leads to path traversal.

This vulnerability is referenced as CVE-2026-4233. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More