CVE-2026-34783: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in MontFerret ferret
CVE-2026-34783 is a path traversal vulnerability in MontFerret's ferret product prior to version 2. 0. 0-alpha. 4. The flaw exists in the IO::FS::WRITE standard library function, allowing a malicious website to cause Ferret to write arbitrary files to the host filesystem by using crafted filenames containing '.. /' sequences. This can enable attackers to control both the destination path and file content, potentially leading to remote code execution through mechanisms like cron jobs, SSH authorized_keys, shell profiles, or web shells. The vulnerability is fixed in version 2. 0. 0-alpha.
AI Analysis
Technical Summary
MontFerret ferret versions before 2.0.0-alpha.4 contain a path traversal vulnerability (CWE-22) in the IO::FS::WRITE function. When scraping websites that return filenames with '../' sequences, an attacker can manipulate output paths and write arbitrary files to the filesystem. This improper limitation of pathname allows overwriting or creating files outside intended directories, which can be leveraged for remote code execution by modifying critical files such as cron jobs or SSH keys. The issue is resolved in version 2.0.0-alpha.4.
Potential Impact
An attacker controlling a malicious website can exploit this vulnerability to write arbitrary files on the system running Ferret. This can lead to remote code execution by modifying files that influence system or user behavior, such as cron jobs, SSH authorized_keys, or shell profiles. The vulnerability has a high CVSS score of 8.1, indicating significant impact on integrity and availability if exploited.
Mitigation Recommendations
Upgrade MontFerret ferret to version 2.0.0-alpha.4 or later, where this path traversal vulnerability is fixed. Since no official patch links or vendor advisory details are provided, users should verify the update availability from MontFerret's official sources. Until upgraded, avoid scraping untrusted websites that may return filenames with '../' sequences or sanitize filenames before use to prevent path traversal.
CVE-2026-34783: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in MontFerret ferret
Description
CVE-2026-34783 is a path traversal vulnerability in MontFerret's ferret product prior to version 2. 0. 0-alpha. 4. The flaw exists in the IO::FS::WRITE standard library function, allowing a malicious website to cause Ferret to write arbitrary files to the host filesystem by using crafted filenames containing '.. /' sequences. This can enable attackers to control both the destination path and file content, potentially leading to remote code execution through mechanisms like cron jobs, SSH authorized_keys, shell profiles, or web shells. The vulnerability is fixed in version 2. 0. 0-alpha.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
MontFerret ferret versions before 2.0.0-alpha.4 contain a path traversal vulnerability (CWE-22) in the IO::FS::WRITE function. When scraping websites that return filenames with '../' sequences, an attacker can manipulate output paths and write arbitrary files to the filesystem. This improper limitation of pathname allows overwriting or creating files outside intended directories, which can be leveraged for remote code execution by modifying critical files such as cron jobs or SSH keys. The issue is resolved in version 2.0.0-alpha.4.
Potential Impact
An attacker controlling a malicious website can exploit this vulnerability to write arbitrary files on the system running Ferret. This can lead to remote code execution by modifying files that influence system or user behavior, such as cron jobs, SSH authorized_keys, or shell profiles. The vulnerability has a high CVSS score of 8.1, indicating significant impact on integrity and availability if exploited.
Mitigation Recommendations
Upgrade MontFerret ferret to version 2.0.0-alpha.4 or later, where this path traversal vulnerability is fixed. Since no official patch links or vendor advisory details are provided, users should verify the update availability from MontFerret's official sources. Until upgraded, avoid scraping untrusted websites that may return filenames with '../' sequences or sanitize filenames before use to prevent path traversal.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-30T19:54:55.556Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d3dfa80a160ebd92c701ce
Added to database: 4/6/2026, 4:30:32 PM
Last enriched: 4/14/2026, 4:05:06 PM
Last updated: 5/22/2026, 2:48:21 PM
Views: 32
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.