CVE-2026-41655 | admidio up to 5.0.8 ecard_preview.php ECard::getEcardTemplate ecard_template path traversal (GHSA-m3vp-3jjm-gpmx)

May 7, 2026 Yanac

A vulnerability was found in admidio up to 5.0.8. It has been classified as critical. Impacted is the function ECard::getEcardTemplate of the file ecard_preview.php. The manipulation of the argument ecard_template leads to path traversal.

This vulnerability is documented as CVE-2026-41655. The attack can be initiated remotely. There is not any exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More