CVE-2026-4191 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handl…
Medium CVSS: 6.9

CVE-2026-4191

A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Vendor
-
Product
-
CWE
CWE-284
Yayın Tarihi
2026-03-16 14:20:02
Güncelleme
2026-03-16 14:53:07
Source Identifier
cna@vuldb.com
KEV Date Added
-

Kategoriler

CWE-284 MEDIUM 2026

Referanslar

https://hackmd.io/@YzU_KiOzT86cEbFQdBceVg/Bk56LQQYbe https://vuldb.com/?ctiid.351098 https://vuldb.com/?id.351098 https://vuldb.com/?submit.770002