Cyber Resilience

CVE-2026-5966

High

Published: 20 April 2026

Modified: 12 May 2026
CVSS Score v4: 7.2 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0041 (32.6th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-5966 is a high-severity Relative Path Traversal (CWE-23) vulnerability in TeamT5 ThreatSonar Anti-Ransomware. Its CVSS v4 base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004). The CVE ranks at the 32.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-5966 is an Arbitrary File Deletion vulnerability in ThreatSonar Anti-Ransomware, a product developed by TeamT5. The issue stems from a Path Traversal flaw (CWE-23) that allows authenticated remote attackers with web access to delete arbitrary files on the affected system. The vulnerability has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on integrity and availability.

An attacker with low-privilege authenticated access to the web interface can exploit this Path Traversal vulnerability over the network without user interaction. Successful exploitation enables the deletion of arbitrary files on the underlying system, potentially disrupting anti-ransomware operations, corrupting critical data, or causing denial of service by targeting essential system files.

Mitigation details are provided in advisories from TWCERT/CC, available at https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html and https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html. Security practitioners should consult these resources for patch information, workaround guidance, and affected version details.

Vulnerability details

ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
T1685 Disable or Modify Tools Defense Impairment
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Why these techniques?

Arbitrary file deletion directly enables T1070.004 (File Deletion) for indicator removal and facilitates T1562.001 (Disable or Modify Tools) by targeting anti-ransomware product files.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-5967: same product (Teamt5 Threatsonar Anti-Ransomware)
CVE-2026-7404: shared CWE-22, CWE-23
CVE-2026-21659: shared CWE-22, CWE-23
CVE-2025-1599: shared CWE-22, CWE-23
CVE-2025-24960: shared CWE-22
CVE-2025-29789: shared CWE-22, CWE-23
CVE-2025-27410: shared CWE-22, CWE-23
CVE-2026-22070: shared CWE-22, CWE-23
CVE-2026-25121: shared CWE-22, CWE-23
CVE-2026-32808: shared CWE-22

Affected Assets

Vendor: teamt5
Product: threatsonar anti-ransomware
Versions: ≤ 4.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Directly mitigates path traversal vulnerability by requiring validation of file path inputs in the web interface to prevent arbitrary file deletion.

prevent

Enforces approved authorizations for access to file system resources, preventing unauthorized deletions even if path traversal resolves to sensitive paths.

prevent

Applies least privilege to limit low-privilege authenticated web users from deleting arbitrary system files beyond their authorized scope.
