The Stackfield Desktop App for macOS and Windows is vulnerable to a critical path traversal flaw that allows attackers to overwrite arbitrary system files via malicious content exports.

Improper sanitization of the filePath property during the decryption of exported data allows a path traversal attack. This enables a malicious file to escape the intended directory and write data to sensitive locations.

An attacker can use this flaw to overwrite critical system files, plant malware, or gain persistence on a user's workstation. The CVSS score of 9.6 highlights the critical risk to endpoint security and the potential for complete workstation compromise.

Immediate Action: Force an update of the Stackfield Desktop App to version 1.10.2 or later across all Windows and macOS endpoints.

Proactive Monitoring: Use Endpoint Detection and Response (EDR) tools to monitor for unexpected file-write operations originating from the Stackfield application process.

Compensating Controls: Restrict user permissions to prevent applications from writing to sensitive system directories where possible.

Public Exploit Available: false

Path traversal leading to arbitrary file writes is a high-impact vulnerability. It is essential to ensure all employees update their desktop clients immediately to version 1.10.2 to protect against potential workstation compromise.