Primary

Context

DumbAssets Path Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

A path traversal vulnerability has been identified in DumbAssets versions through 1.0.11. This vulnerability exists in the POST /api/delete-file endpoint, specifically within the filesToDelete array parameters. It allows unauthenticated attackers to delete arbitrary files by exploiting directory boundary validation. By supplying ../ sequences, attackers can traverse outside the intended application directory and delete critical files such as server.js or package.json, leading to a complete denial-of-service condition.

Impact

Exploitation of this vulnerability allows for arbitrary file deletion, with potential deletion of critical application files leading to a complete denial-of-service condition.

Remediation

Users can update to the latest version of DumbAssets where this vulnerability has been addressed.

Added: May 18, 2026, 6:23 PM

Updated: May 18, 2026, 6:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.3

exploitability

7.4

remediation

0.0

relevance

8.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.3

exploitability

7.4

remediation

0.0

relevance

8.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

DumbAssets Path Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

Impact

Remediation

Affected Products

DumbWareio DumbAssets

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating