CVE-2026-5966

Severity: High

Published: 20 April 2026
Modified: 12 May 2026
KEV Added
Patch
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0034 (57.0th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-5966 is a high-severity Relative Path Traversal (CWE-23) vulnerability in TeamT5 ThreatSonar Anti-Ransomware. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004). The CVE ranks in the top 43.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to File Deletion (T1070.004) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: Directly mitigates path traversal vulnerability by requiring validation of file path inputs in the web interface to prevent arbitrary file deletion.

Prevent: Enforces approved authorizations for access to file system resources, preventing unauthorized deletions even if path traversal resolves to sensitive paths.

Prevent: Applies least privilege to limit low-privilege authenticated web users from deleting arbitrary system files beyond their authorized scope.

MITRE ATT&CK Enterprise Techniques · AI

T1070.004 · File Deletion · Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.

T1685 · Disable or Modify Tools · Defense Impairment
Adversaries may disable, degrade, or tamper with security tools or applications (e.

Why these techniques?

Arbitrary file deletion directly enables T1070.004 (File Deletion) for indicator removal and facilitates T1562.001 (Disable or Modify Tools) by targeting anti-ransomware product files.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.

Deeper analysis · AI

CVE-2026-5966 is an Arbitrary File Deletion vulnerability in ThreatSonar Anti-Ransomware, a product developed by TeamT5. The issue stems from a Path Traversal flaw (CWE-23) that allows authenticated remote attackers with web access to delete arbitrary files on the affected system. The vulnerability has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on integrity and availability.

An attacker with low-privilege authenticated access to the web interface can exploit this Path Traversal vulnerability over the network without user interaction. Successful exploitation enables the deletion of arbitrary files on the underlying system, potentially disrupting anti-ransomware operations, corrupting critical data, or causing denial of service by targeting essential system files.

Mitigation details are provided in advisories from TWCERT/CC, available at https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html and https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html. Security practitioners should consult these resources for patch information, workaround guidance, and affected version details.

Details

CWE(s)

Affected Products

Vendor: teamt5
Product: threatsonar anti-ransomware
Versions: ≤ 4.0.0

CVEs Like This One

CVE-2026-5967: Same product: TeamT5 ThreatSonar Anti-Ransomware
CVE-2026-7404: Shared CWE-22, CWE-23
CVE-2025-27410: Shared CWE-22, CWE-23
CVE-2025-24960: Shared CWE-22
CVE-2026-22070: Shared CWE-22, CWE-23
CVE-2024-54461: Shared CWE-22, CWE-23
CVE-2026-27202: Shared CWE-22, CWE-23
CVE-2026-27625: Shared CWE-22, CWE-23
CVE-2026-21659: Shared CWE-22, CWE-23
CVE-2025-29789: Shared CWE-22, CWE-23
