Path Traversal in Enchant97 Note-mark
CVE-2026-44522
Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/{noteID}/assets, where the asset filename is provided thr…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.006 (70.7th percentile) — read the EPSS interpretation.
Affected products
- Enchant97 Note-mark — versions >= 0.13.0, < 0.19.4
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)