CVE-2026-11917 PUBLISHED

ThinManager® - Path Traversal via API

Assigner: Rockwell
Reserved: 10.06.2026 Published: 14.07.2026 Updated: 14.07.2026

A path traversal security issue exists within Rockwell Automation ThinManager® software due to improper limitation of file save operations within the API. An authenticated attacker could exploit this vulnerability to write arbitrary files to restricted system directories outside of the application's intended directory.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 7.2

Product Status

Vendor Rockwell Automation
Product FactoryTalk ThinManager
Versions Default: unaffected
  • Version 13.0.0 – 13.0.7, 13.1.0 – 13.1.5, 13.2.0 – 13.2.4, 14.0.0 – 14.0.2 is affected

References

Problem Types

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE