CVE-2020-37214
Voyager 1.3.0 - Directory Traversal
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files.
| CWE | CWE-22 |
| Vendor | the control group |
| Product | voyager |
| Published | Feb 11, 2026 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for the control group voyager
Be the first to know when new high vulnerabilities affecting the control group voyager are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
The Control Group / Voyager
<= 1.3.0
References
exploit-db.com: https://www.exploit-db.com/exploits/47875 voyager.devdojo.com: https://voyager.devdojo.com/ github.com: https://github.com/the-control-group/voyager/releases/tag/v1.3.0 github.com: https://github.com/the-control-group/voyager/releases/tag/v1.2.7 vulncheck.com: https://www.vulncheck.com/advisories/voyager-directory-traversal
Credits
NgoAnhDuc