
CVE-2026-6057

Severity: Critical

Published: 10 April 2026
Modified: 19 May 2026
KEV Added: not listed
Patch: vendor fix (GitHub pull request #1611)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0016 (36.3rd percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-6057 is a critical-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 36.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-8 (Identification and Authentication (Non-organizational Users)) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- Prevent (SI-10, Information Input Validation): Directly mitigates path traversal (CWE-22) by requiring validation of file paths in unauthenticated upload API requests to block arbitrary file writes.
- Prevent: Mandates timely patching of the specific flaw in FalkorDB Browser 1.9.3 as provided in the vendor's GitHub pull request #1611.
- Prevent (IA-8, Identification and Authentication (Non-organizational Users)): Requires identification and authentication for non-organizational users (remote attackers), blocking unauthenticated access to the vulnerable file upload API.

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated path traversal in public-facing file upload API enables arbitrary file writes leading to RCE, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.

Deeper analysis

CVE-2026-6057 is an unauthenticated path traversal vulnerability (CWE-22) in the file upload API of FalkorDB Browser version 1.9.3. This flaw enables remote attackers to write arbitrary files outside the intended directory, potentially leading to remote code execution. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and lack of required privileges.

Remote attackers can exploit this vulnerability without authentication by sending specially crafted requests to the file upload API, traversing directory paths to overwrite or create files in sensitive locations such as web roots or executable directories. Successful exploitation allows arbitrary file writes, which can result in remote code execution on the affected server, granting attackers full control over the system including data exfiltration, persistence, or lateral movement.

Mitigation details are referenced in the FalkorDB Browser GitHub repository and pull request #1611, which addresses the issue through a code fix available for integration. Security practitioners should update to a patched version beyond 1.9.3 and review file upload endpoints for similar path traversal risks.

Details

CWE(s): CWE-22 (Path Traversal)

CVEs Like This One (shared CWE-22)

- CVE-2024-36512
- CVE-2025-14727
- CVE-2025-36236
- CVE-2025-7360
- CVE-2025-7712
- CVE-2024-39786
- CVE-2025-64057
- CVE-2025-14914
- CVE-2025-15449
- CVE-2026-38360