9front Mothra HTML File Upload Default Value Vulnerability
Vulnerability
A vulnerability in the Mothra web browser component of 9front allows websites to set default file paths for file upload forms. This could be exploited by an attacker who crafts a website with a malicious default file path and hides the form element from the user. When the form is submitted, it could unintentionally leak files from the user's namespace.
Impact
Exploitation of this vulnerability could result in unauthorized file disclosure: files from the user's namespace are sent to the server without the user's knowledge.
Remediation
The vulnerability has been addressed in a recent commit, which clears any default values set by websites for file input types. Users should update to the latest version of 9front to mitigate this issue.
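The remediation described above, sketched as an added example (this is not Mothra's code or the actual commit): the `Attr` and `Field` types and the `ieq` and `field_from_attrs` functions are hypothetical names that model a browser building a form field from a parsed `<input>` tag. The page-supplied default is cleared after all attributes are read, so it is dropped regardless of attribute order or letter case.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of one parsed <input> element; not Mothra's own types. */
typedef struct { const char *key, *val; } Attr;
typedef struct { char type[16], name[64], value[256]; } Field;

/* ASCII case-insensitive equality: HTML attribute names and type keywords
 * match regardless of case. */
static int ieq(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b))
        a++, b++;
    return *a == '\0' && *b == '\0';
}

/* Build a Field from tokenized attributes, then drop any page-supplied
 * default for file inputs. The check runs after the loop so a value=
 * that precedes type= in the markup is cleared as well. */
void field_from_attrs(Field *f, const Attr *a, int n)
{
    memset(f, 0, sizeof *f);
    snprintf(f->type, sizeof f->type, "text");   /* HTML default type */
    for (int i = 0; i < n; i++) {
        if (ieq(a[i].key, "type"))
            snprintf(f->type, sizeof f->type, "%s", a[i].val);
        else if (ieq(a[i].key, "name"))
            snprintf(f->name, sizeof f->name, "%s", a[i].val);
        else if (ieq(a[i].key, "value"))
            snprintf(f->value, sizeof f->value, "%s", a[i].val);
    }
    if (ieq(f->type, "file"))
        f->value[0] = '\0';   /* only the user may choose the path */
}

int main(void)
{
    /* Constructed sample: value= appears before a mixed-case type=. */
    Attr in[] = { {"value", "/constructed/example"}, {"TYPE", "File"}, {"name", "up"} };
    Field f;
    field_from_attrs(&f, in, 3);
    printf("type=%s name=%s value=\"%s\"\n", f.type, f.name, f.value);
    return 0;
}
```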
