EIP-2026-112581

The advisory details an arbitrary file download vulnerability in TeamPass Passwords Management System <= 2.1.26, where the 'downloadFile.php' script allows unauthenticated attackers to download sensitive files via directory traversal in the 'sub' and 'file' GET parameters. The technical analysis includes a proof-of-concept URL and code snippet demonstrating the vulnerability.