CVE-2026-7086
MEDIUMHBAI-Ltd Toonflow-app Storyboard Export replaceUrl.ts updateStoryboardUrl path traversal
Title source: cnaDescription
A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly available and might be used. It is still unclear if this vulnerability genuinely exists. The vendor explains in a reply to the issue report, that "[t]he URL of this interface is designed to only be a local address or a trusted domain address configured in docker, and will not contain malicious links, unless the user modifies the code causing unexpected situations."
References (6)
Core 6
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-359661 | HBAI-Ltd Toonflow-app Storyboard Export replaceUrl.ts updateStoryboardUrl path traversal
https://vuldb.com/vuln/359661
Signature, Permissions Required signature
permissions-required
VDB-359661 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/359661/cti
Third Party Advisory third-party-advisory
Submit #799584 | HBAI-Ltd Toonflow 1.1.1 Path Traversal Leading to Arbitrary File Read
https://vuldb.com/submit/799584
Exploit exploit
issue-tracking
https://github.com/HBAI-Ltd/Toonflow-app/issues/97
Issue Tracking issue-tracking
https://github.com/HBAI-Ltd/Toonflow-app/issues/97#issuecomment-4208207717
Product product
https://github.com/HBAI-Ltd/Toonflow-app/
Scores
CVSS v3
4.3
EPSS
0.0041
EPSS Percentile
32.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (2)
HBAI-Ltd/Toonflow-app
1.1.0
HBAI-Ltd/Toonflow-app
1.1.1
Published
Apr 27, 2026
Tracked Since
Apr 27, 2026