Path Traversal in Alfredredbird Tookie-osint
CVE-2026-42866
Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's write_txt, write_csv, write_json, and (commented-but-shipping) scan_file helpers open their output as open(f"{user}.<ext>"), where user comes unsa…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.000 (6.9th percentile) — read the EPSS interpretation.
Affected products
- Alfredredbird Tookie-osint — versions < 4.1fix
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)