CVE-2021-3223
HIGH EXPLOITED NUCLEINode-RED-Dashboard <2.26.2 - Path Traversal
Title source: llmDescription
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Nuclei Templates (1)
Node RED Dashboard <2.26.2 - Local File Inclusion
HIGHVERIFIEDby gy741,pikpikcu
Shodan:
title:"Node-RED" || http.title:"node-red"
FOFA:
title="Node-RED" || title="node-red"
Scores
CVSS v3
7.5
EPSS
0.9155
EPSS Percentile
99.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
VulnCheck KEV
2023-11-14
CWE
CWE-22
Status
published
Products (2)
nodered/node-red-dashboard
< 2.26.2
npm/node-red-dashboard
0 - 2.26.2npm
Published
Jan 26, 2021
Tracked Since
Feb 18, 2026