Back to overview

CVE-2026-11917

HIGH
7.2
CVSS 4.0
Description
A path traversal security issue exists within Rockwell Automation ThinManager® software due to improper limitation of file save operations within the API. An authenticated attacker could exploit this vulnerability to write arbitrary files to restricted system directories outside of the application's intended directory.

Metadata

CVE ID
CVE-2026-11917
State
PUBLISHED
Assigner
Rockwell
Reserved
2026-06-10 16:54 UTC
Published
2026-07-14 15:07 UTC
Last updated
2026-07-14 15:54 UTC
Primary CWE
CWE-22
CWE-22: Improper Limitation of a Pathname to a Restricted Di…
Vendor / Product
Rockwell Automation / FactoryTalk ThinManager
Sources
cve.org  ·  NVD

Severity & Metrics

7.2 HIGH CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
Rockwell Automation FactoryTalk ThinManager 13.0.0 – 13.0.7, 13.1.0 – 13.1.5, 13.2.0 – 13.2.4, 14.0.0 – 14.0.2
Weakness (CWE)
CWESourceDescription
CWE-22 cna CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.2 HIGH 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Back to overview