CVE-2026-41465

EUVD-2026-25868
ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequences before constructing file paths. Authenticated attackers can inject directory traversal sequences ../ into the logname parameter to read arbitrary .log files accessible to the web server process on the filesystem.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulnCheckCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
projeqtorprojeqtor
7.0 ≤
𝑥
≤ 12.4.3
CNA
Common Weakness Enumeration
References
https://damiri.fr/en/cves/CVE-2026-41465
https://gryfman.fr/cves/CVE-2026-41465
https://www.projeqtor.com
https://www.vulncheck.com/advisories/projeqtor-path-traversal-via-dynamicdialog-php