CVE-2026-5966

ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html	Not Applicable
https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html	Not Applicable

Configurations

Configuration 1 (hide)

cpe:2.3:a:teamt5:threatsonar_anti-ransomware:*:*:*:*:*:*:*:*

History

12 May 2026, 15:29

Type	Values Removed	Values Added
CPE		cpe:2.3:a:teamt5:threatsonar_anti-ransomware::::::::
References	~~() https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html -~~	() https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html - Not Applicable
References	~~() https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html -~~	() https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html - Not Applicable
First Time		Teamt5 Teamt5 threatsonar Anti-ransomware
CWE		CWE-22

20 Apr 2026, 08:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-20 08:16

Updated : 2026-05-12 15:29

NVD link : CVE-2026-5966

Mitre link : CVE-2026-5966

CVE.ORG link : CVE-2026-5966

JSON object : View

Products Affected

teamt5

threatsonar_anti-ransomware

CWE

CWE-23

Relative Path Traversal

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2026-5966", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-04-20T08:16:11.010", "references": [{"url": "https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html", "tags": ["Not Applicable"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html", "tags": ["Not Applicable"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-23"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system."}], "lastModified": "2026-05-12T15:29:45.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:teamt5:threatsonar_anti-ransomware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47BBA66A-AAC4-4610-A2EE-404CCF94F7CF", "versionEndExcluding": "4.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}