CVE-2026-6057 PUBLISHED

Unauthenticated Path Traversal in FalkorDB Browser Leads to Remote Code Execution

Assigner: securin
Reserved: 10.04.2026 Published: 10.04.2026 Updated: 10.04.2026

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.

Product Status

Vendor	FalkorDB
Product	FalkorDB Browser
Versions	Default: unaffected Version 1.9.3 is affected

Credits

Ramesh Gunnam from Securin finder

References

https://github.com/FalkorDB/falkordb-browser
https://github.com/FalkorDB/falkordb-browser/pull/1611

Problem Types

CWE-22 Path Traversal CWE