CVE-2026-2731

Summary

Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.7 and <9.20.3) allows unauthenticated attackers to execute code via simple web requests

Affected Software

VendorProductVersion RangeStatus
DynamicWebDynamicWeb 98affected
DynamicWebDynamicWeb 99 < 9.19.7affected
DynamicWebDynamicWeb 99.20.0 < 9.20.3affected
DynamicWebDynamicWeb 99.21.0unaffected
DynamicWebDynamicWeb 910unaffected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References