CVE-2026-5258 is a path traversal vulnerability identified in Sanster IOPaint version 1.5.3, specifically within the _get_file function of the file_manager.py module in the File Manager component. The vulnerability arises from insufficient validation or sanitization of the filename parameter, allowing an attacker to manipulate this input to traverse directories and access files outside the intended file system scope. This can be exploited remotely without authentication or user interaction, increasing the attack surface. The vulnerability was disclosed publicly on April 1, 2026, with a CVSS 4.0 score of 6.9, reflecting a medium severity level due to the potential for unauthorized file access but limited scope and impact on availability. The vendor Sanster has not responded to the disclosure, and no official patches are currently available. While no confirmed exploits in the wild have been reported, public exploit code exists, raising the risk of exploitation. The vulnerability primarily threatens confidentiality and integrity by exposing sensitive files or enabling attackers to read critical configuration or credential files. The lack of scope change and absence of privilege or user interaction requirements make this vulnerability relatively straightforward to exploit remotely. Organizations using IOPaint 1.5.3 should be aware of this risk and implement compensating controls until an official patch is released.

The primary impact of CVE-2026-5258 is unauthorized disclosure of sensitive information due to path traversal, which can compromise confidentiality and potentially integrity if configuration or credential files are exposed or modified. Attackers can remotely exploit this vulnerability without authentication or user interaction, increasing the likelihood of attacks. This can lead to data breaches, intellectual property theft, or further system compromise if sensitive files are leveraged for privilege escalation or lateral movement. The vulnerability does not directly affect availability but could indirectly impact system stability if critical files are accessed or manipulated. Organizations relying on Sanster IOPaint 1.5.3, especially those handling sensitive or regulated data, face increased risk of compliance violations and reputational damage. The absence of vendor response and patches prolongs exposure, necessitating immediate mitigation. The medium severity score reflects the balance between ease of exploitation and the limited scope of impact, but the presence of public exploit code elevates the threat level.

1. Implement strict input validation and sanitization on the filename parameter to prevent directory traversal sequences such as '../'. 2. Employ web application firewalls (WAFs) or intrusion prevention systems (IPS) with rules designed to detect and block path traversal attempts targeting the vulnerable endpoint. 3. Restrict file system permissions for the application process to limit access only to necessary directories, minimizing the impact of potential traversal. 4. Monitor logs for suspicious requests containing directory traversal patterns and respond promptly to detected attempts. 5. If possible, isolate the Sanster IOPaint service in a segmented network zone to reduce exposure. 6. Engage in active threat hunting for signs of exploitation, especially given the public availability of exploit code. 7. Contact Sanster for updates or patches and apply them immediately once available. 8. Consider temporary mitigation by disabling or restricting access to the vulnerable File Manager component if feasible. 9. Educate development and security teams about secure coding practices to prevent similar vulnerabilities in future releases.