CVE-2026-26002

Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3.  Versions below this remain susceptible.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/OSC/ondemand/commit/23cb167222886fdd8415277ca5c1215f4c32629c
https://github.com/OSC/ondemand/commit/37f0ae4efb222e9c0af250feae860a720427df16
https://github.com/OSC/ondemand/security/advisories/GHSA-f83q-mhrr-3cr2