Zero Day MonitorZDM

← Back to list

9.6

CVE-2026-28373PATCHED

n/a · n/a

CVE-2026-28373: The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryp

Description

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a, 1.10.1

References

Related News (1 articles)

Tier C

VulDB2h ago

CVE-2026-28373 | Stackfield Desktop App up to 1.10.1 on macOS filePath path traversal

→ No new info (linked only)

CVSS 3.19.6 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

1.10.2

PublishedApr 3, 2026

Last enriched2h agov2

Trending Score43

Source articles1

Independent1

Info Completeness8/14

Missing: epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2025-59711EXP

CVE-2025-59711: An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism,

HIGHCVE-2025-59709EXP

CVE-2025-59709: An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read b

HIGHCVE-2026-26477

CVE-2026-26477: An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the media_uploa

CRITICALCVE-2025-59710

CVE-2025-59710: An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the

MEDIUMCVE-2026-30251

CVE-2026-30251: A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenSh

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 3, 2026

Discovered by ZDM

Apr 3, 2026

Patch Available

Apr 3, 2026

Updated: affectedVersions, patchAvailable

Apr 3, 2026

Version History

v2

Last enriched 2h ago

v2Tier C2h ago

Updated vendor and product information, specified affected version as 1.10.1, and noted that patch version 1.10.2 is available.

affectedVersionspatchAvailable

via VulDB

v13h ago

Initial creation