CVE-2026-54223
Published: 18 June 2026
Summary
CVE-2026-54223 is a high-severity Path Traversal (CWE-22) vulnerability in Cert (inferred from references). Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 45.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-37886
- 🇵🇱 CERT-PL: cert.pl
Vulnerability details
UBB.threads is vulnerable to path traversal, allowing attackers with the privilege to edit templates to read and write any file on the application's server that the application has privileges to, which results in Remote Code Execution. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Path traversal (CWE-22) with template edit privileges directly enables arbitrary file read (T1005) and write (T1105), facilitating web shell deployment (T1505.003) for RCE after initial app exploitation (T1190).
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.