CVE-2023-35844

HIGH · EXPLOITED · NUCLEI

lightdash < 0.510.3 - Path Traversal and Arbitrary File Write via Insecure File Endpoints

Title source: llm

Exploitation Summary

CVE-2023-35844 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Lserein. A Nuclei detection template is also available.

AI-analyzed exploit summary: This PoC exploits a path traversal vulnerability in Lightdash to read arbitrary files (e.g., /etc/passwd). It sends a crafted HTTP request to the vulnerable endpoint and checks for the presence of 'root' in the response to confirm exploitation.

Description

The file endpoints under packages/backend/src/routers in Lightdash before 0.510.3 are insecure: they allow ".." directory traversal and do not ensure that the intended file extension (.csv or .png) is used.

Exploits (2)

nomisec · WORKING POC · 20 stars
by Lserein · infoleak
https://github.com/Lserein/CVE-2023-35844

This PoC exploits a path traversal vulnerability in Lightdash to read arbitrary files (e.g., /etc/passwd). It sends a crafted HTTP request to the vulnerable endpoint and checks for the presence of 'root' in the response to confirm exploitation.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Lightdash (version not specified)
No auth needed
Prerequisites: Target must be running a vulnerable version of Lightdash · Network access to the target
devstral-2 · analyzed Feb 16, 2026
inthewild · WORKING POC
poc
https://github.com/szlein/cve-2023-35844

This repository contains a functional exploit for CVE-2023-35844, a directory traversal vulnerability in Lightdash. The PoC sends a crafted HTTP request to read arbitrary files (e.g., /etc/passwd) via a path traversal payload.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Lightdash (version not specified)
No auth needed
Prerequisites: Target URL or list of URLs
devstral-2 · analyzed Feb 23, 2026

Nuclei Templates (1)

Lightdash version <= 0.510.3 Arbitrary File Read
HIGH · VERIFIED · by dwisiswant0
Shodan: title:"Lightdash" || http.title:"lightdash"
FOFA: title="lightdash"

Scores

CVSS v3 7.5
EPSS 0.9204
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2023-12-04
CWE
CWE-22
Status published
Products (1)
lightdash/lightdash < 0.510.3
Published Jun 19, 2023
Tracked Since Feb 18, 2026