CVE-2026-41412 | alfio-event alf.io up to 2.0-M5-2605 postFileAndSaveResponse path traversal (GHSA-6m62-53cw-4373)

A vulnerability was found in alfio-event alf.io up to 2.0-M5-2605. It has been declared as critical. Affected by this vulnerability is the function postFileAndSaveResponse. Executing a manipulation can lead to path traversal.

This vulnerability appears as CVE-2026-41412. The attack may be performed from remote. There is no available exploit.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More