CVE-2026-25069
SunFounder Pironman Dashboard <= 1.3.13 Path Traversal Arbitrary File Read/Deletion
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
SunFounder Pironman Dashboard (pm_dashboard) version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can disclose sensitive information and delete critical system files, resulting in data loss and potential system compromise or denial of service.
| CWE | CWE-22 |
| Vendor | sunfounder |
| Product | pironman dashboard (pm_dashboard) |
| Published | Jan 31, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for sunfounder pironman dashboard (pm_dashboard)
Be the first to know when new unknown vulnerabilities affecting sunfounder pironman dashboard (pm_dashboard) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
SunFounder / Pironman Dashboard (pm_dashboard)
0 โค 1.3.13
References
github.com: https://github.com/sunfounder/pm_dashboard github.com: https://github.com/sunfounder/pm_dashboard/blob/main/pm_dashboard/pm_dashboard.py#L62 github.com: https://github.com/sunfounder/pm_dashboard/blob/main/pm_dashboard/pm_dashboard.py#L440 vulncheck.com: https://www.vulncheck.com/advisories/sunfounder-pironman-dashboard-path-traversal-arbitrary-file-read-deletion gist.github.com: https://gist.github.com/chapochapo/5db8702ede862af5c59a28b5d5a0aba3
Credits
chapochapo