โ† ุงู„ุนูˆุฏุฉ ู„ู„ุฌุฏูˆู„
CVE-2026-11416
CVE-2026-11416 - MoviePilot Path Traversal via Cloud Storage Download Handlers
๐Ÿ“… 2026-06-05
๐ŸŸ  High ๐Ÿ”ฅ No MITRE CVE High Vulnerability Vulnerability

๐Ÿ“‹ ุงู„ูˆุตู ุงู„ูƒุงู…ู„

CVE ID :CVE-2026-11416 Published : June 5, 2026, 9:42 p.m. | 46ย minutes ago Description :MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename norm

๐Ÿ’ป ุงู„ุฃู†ุธู…ุฉ ุงู„ู…ุชุฃุซุฑุฉ

MoviePilot Path Traversal

โš ๏ธ ู†ูˆุน ุงู„ุชู‡ุฏูŠุฏ

Vulnerability

๐Ÿ”— CVE ID

CVE-2026-11416

๐Ÿ“ก ุงู„ู…ุตุฏุฑ

MITRE CVE High

โœ… ุงู„ุญู„ูˆู„ ูˆุงู„ุชุฎููŠู

Refer to CVE-2026-11416 NVD advisory

๐Ÿ”— ุงู„ู…ุตุฏุฑ ุงู„ุฃุตู„ูŠ โ† ๐Ÿ“˜ NVD โ† โšก CISA KEV โ†