CVE-2026-8757

HIGH 7.3

adenhq hive Delete Request routes_sessions.py _read_events_tail path traversal

CVSS Score

7.3

EPSS Score

0.1%

EPSS Percentile

20th

A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-22
Vendor	adenhq
Product	hive
Published	May 17, 2026
Last Updated	May 18, 2026

Stay Ahead of the Next One

Get instant alerts for adenhq hive

Be the first to know when new high vulnerabilities affecting adenhq hive are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

adenhq / hive

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 0.10 0.11.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/364384 vuldb.com: https://vuldb.com/vuln/364384/cti vuldb.com: https://vuldb.com/submit/811276 gist.github.com: https://gist.github.com/YLChen-007/ff3ff201b05d13d41f949f86e9187bd2

Credits

🔍 Eric-b (VulDB User) VulDB CNA Team