Stackfield Desktop App Path Traversal (CVE-2026-28373)
CVE-2026-28373
The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can...
Overview
A critical path traversal vulnerability, tracked as CVE-2026-28373, has been identified in the Stackfield Desktop App for macOS and Windows. This flaw exists in versions prior to 1.10.2 and resides within the application’s decryption functionality when handling the filePath property.
Vulnerability Details
In simple terms, this vulnerability allows a specially crafted Stackfield export file to trick the application. When the app processes this malicious file, it fails to properly validate the intended save location. An attacker can manipulate the filePath property to write the decrypted content to any location on the victim’s computer filesystem, rather than a safe, designated folder. Successful exploitation requires user interaction, such as opening a malicious export file received via email or downloaded from the web.
Impact
The impact of this vulnerability is severe. By writing arbitrary files to critical system directories, an attacker could achieve full system compromise. Potential outcomes include:
- Overwriting system files to disrupt operations or achieve persistence.
- Planting executable files (like malware or scripts) in startup locations to run code automatically.
- Stealing or corrupting sensitive user data. With a CVSS score of 9.6 (Critical), this is a high-severity issue that demands immediate attention from all users of the affected software.
Remediation and Mitigation
The primary and only complete mitigation is to update the Stackfield Desktop App immediately.
- Update: All users must upgrade to Stackfield Desktop App version 1.10.2 or later. This update contains the necessary patches to validate file paths correctly.
- Verify Version: Check your currently installed version and ensure it is 1.10.2 or higher.
- User Caution: Until updated, exercise extreme caution with Stackfield export files (.stackpack) from untrusted sources. Do not open such files if unsolicited.
For administrators managing deployments, push this update to all endpoints as a priority. Consider this patch alongside other critical endpoint updates, such as the Windows 11 KB5079391 update rolls out Smart App Control i….
Security Insight
This vulnerability highlights the persistent risk of improper input sanitization in desktop applications that handle complex file formats. Similar to threats that leverage malicious files for initial access, like the Russian CTRL Toolkit Hijacks RDP via Malicious LNK Files, CVE-2026-28373 turns a trusted business collaboration tool into a potential vector for system takeover, underscoring the need for robust file parsing and path validation in all client-side software.
Further Reading
Never miss a critical vulnerability
Get real-time security alerts delivered to your preferred platform.
Related Advisories
SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By expl...
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA (Progressive Web App) ZIP processing endpoint...
ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload...
Path traversal vulnerability exists in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitr...