{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5966", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2026-04-09T10:34:44.214Z", "datePublished": "2026-04-20T07:40:33.323Z", "dateUpdated": "2026-04-20T13:30:25.604Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2026-04-20T07:40:33.323Z"}, "title": "TeamT5\uff5cThreatSonar Anti-Ransomware - Arbitrary File Deletion", "datePublic": "2026-04-20T07:37:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-23", "description": "CWE-23 Relative path traversal", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-139", "descriptions": [{"lang": "en", "value": "CAPEC-139 Relative Path Traversal"}]}], "affected": [{"vendor": "TeamT5", "product": "ThreatSonar Anti-Ransomware", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "4.0.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system."}]}], "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "Please install hotpatch version 20260302.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Please install hotpatch version 20260302."}]}], "source": {"advisory": "TVN-202604007", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T13:30:17.764113Z", "id": "CVE-2026-5966", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T13:30:25.604Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5966", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-20T13:30:17.764113Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T13:30:22.861Z"}}], "cna": {"title": "TeamT5\uff5cThreatSonar Anti-Ransomware - Arbitrary File Deletion", "source": {"advisory": "TVN-202604007", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-139", "descriptions": [{"lang": "en", "value": "CAPEC-139 Relative Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TeamT5", "product": "ThreatSonar Anti-Ransomware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.0.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please install hotpatch version 20260302.", "supportingMedia": [{"type": "text/html", "value": "Please install hotpatch version 20260302.", "base64": false}]}], "datePublic": "2026-04-20T07:37:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.", "supportingMedia": [{"type": "text/html", "value": "ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-23", "description": "CWE-23 Relative path traversal"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2026-04-20T07:40:33.323Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5966", "state": "PUBLISHED", "dateUpdated": "2026-04-20T13:30:25.604Z", "dateReserved": "2026-04-09T10:34:44.214Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2026-04-20T07:40:33.323Z", "assignerShortName": "twcert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system."}], "id": "CVE-2026-5966", "lastModified": "2026-04-20T08:16:11.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "twcert@cert.org.tw", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2026-04-20T08:16:11.010", "references": [{"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html"}, {"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-23"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.0.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ThreatSonar Anti-Ransomware", "source": "cna", "vendor": "TeamT5"}, "product": "threatsonar_anti-ransomware", "vendor": "teamt5"}], "analysis": {"en": {"generated_at": "2026-04-20T08:20:47.722908+00:00", "value": {"mitigation_remediation": ["Install hotpatch version 20260302 from TeamT5. ", "Restrict web access to ThreatSonar by enforcing strong authenticated sessions, limiting IP ranges, and removing unnecessary administrative functionality. ", "Deploy file\u2011integrity monitoring or audit logs to detect and alert on unexpected file deletions within the ThreatSonar installation directories."], "summary": {"action": "Apply Patch", "impact": "Arbitrary file deletion"}, "threat_synthesis": {"affected_systems": "The affected product is TeamT5\u2019s ThreatSonar Anti-Ransomware. All deployments prior to the hotpatch released on 20260302 are vulnerable. No additional product variants or versions are listed, so any installation of this software that has not applied the hotpatch is at risk.", "description_and_impact": "ThreatSonar Anti-Ransomware, developed by TeamT5, contains a Path Traversal flaw that allows authenticated remote attackers who can access the web interface to delete arbitrary files on the system. The vulnerability permits an attacker to specify a file path that traverses outside the intended directory, resulting in removal of critical system or application files. This loss of files can compromise system availability, disrupt services, and potentially expose sensitive information if deleted files were previously encrypted by the anti-ransomware software itself.", "risk_and_exploitability": "The CVSS score of 7.2 indicates a high severity. The EPSS score is not available, so the exact likelihood of exploitation is unknown. The vulnerability has been categorized as not listed in the CISA KEV catalog, although that does not preclude active exploitation. The likely attack path involves an attacker first authenticating to the web interface of ThreatSonar and then submitting a crafted request that includes a path traversal component to delete a target file. Compromise of the web credentials or a brute\u2011force attack on the authentication system could enable this scenario."}}}}, "created": "2026-04-20T08:30:02.448606+00:00", "updated": "2026-04-20T08:30:02.619815+00:00", "vendors": ["teamt5", "teamt5$PRODUCT$threatsonar_anti-ransomware"]}