CVE-2026-6057

CRITICAL 9.8

Unauthenticated Path Traversal in FalkorDB Browser Leads to Remote Code Execution

CVSS Score

9.8

EPSS Score

0.1%

EPSS Percentile

25th

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.

CWE	CWE-22
Vendor	falkordb
Product	falkordb browser
Published	Apr 10, 2026
Last Updated	Apr 10, 2026

Stay Ahead of the Next One

Get instant alerts for falkordb falkordb browser

Be the first to know when new critical vulnerabilities affecting falkordb falkordb browser are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

FalkorDB / FalkorDB Browser

1.9.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/FalkorDB/falkordb-browser github.com: https://github.com/FalkorDB/falkordb-browser/pull/1611

Credits

Ramesh Gunnam from Securin