Path Traversal in Saloonphp Saloon
CVE-2026-33183
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segmen…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.000 (6.0th percentile)
Affected products
- Saloonphp Saloon — versions < 4.0.0
Weakness classification (CWE)
References
- https://github.com/saloonphp/saloon/security/advisories/GHSA-f7xc-5852-fj99 (x_refsource_CONFIRM)
- https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4 (x_refsource_MISC)