JustAppSec
MEDIUM SeverityCVSS 3.15.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVE-2026-41646

Last updated May 08, 2026 · Published May 08, 2026

← Back to list

Description

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require() function, bypassing the default local file access restriction. This issue has been patched in version 3.8.0.

Affected products

1 listed
  • projectdiscovery:nuclei

Mappings

CWE

CWE-284

CAPEC

None listed.

CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms

Need help?Get in touch.