CVE-2026-8115 | gyoridavid short-video-maker up to 1.3.4 REST API rest.ts req.params.tmpFile path traversal (Issue 73)

May 7, 2026 Yanac

A vulnerability, which was classified as problematic, was found in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal.

This vulnerability is reported as CVE-2026-8115. The attack can be launched remotely. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More