The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem.
References
| Link | Resource |
|---|---|
| https://www.rcesecurity.com/2026/03/stackfield-desktop-app-rce-via-path-traversal-and-arbitrary-file-write-cve-2026-28373/ | Exploit Third Party Advisory |
| https://www.rcesecurity.com/advisories/cve-2026-28373/ | Exploit Third Party Advisory |
| https://www.stackfield.com/desktop-apps | Product |
Configurations
Configuration 1 (hide)
| AND |
|
History
02 Jun 2026, 17:46
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.rcesecurity.com/2026/03/stackfield-desktop-app-rce-via-path-traversal-and-arbitrary-file-write-cve-2026-28373/ - Exploit, Third Party Advisory | |
| References | () https://www.rcesecurity.com/advisories/cve-2026-28373/ - Exploit, Third Party Advisory | |
| References | () https://www.stackfield.com/desktop-apps - Product | |
| First Time |
Stackfield
Microsoft Apple macos Apple Microsoft windows Stackfield stackfield |
|
| CPE | cpe:2.3:a:stackfield:stackfield:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
03 Apr 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-22 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.6 |
03 Apr 2026, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-03 17:16
Updated : 2026-06-02 17:46
NVD link : CVE-2026-28373
Mitre link : CVE-2026-28373
CVE.ORG link : CVE-2026-28373
JSON object : View
Products Affected
microsoft
- windows
apple
- macos
stackfield
- stackfield
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')