CVE-2026-6057

FalkorDB · Browser

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API, leading to remote code execution.

Executive summary

A critical unauthenticated path traversal vulnerability in FalkorDB Browser allows remote attackers to write arbitrary files and achieve full remote code execution.

Vulnerability

This is a path traversal vulnerability occurring within the file upload API. It allows remote, unauthenticated attackers to bypass file path restrictions, write malicious files to the server, and execute code.

Business impact

With a CVSS score of 9.8, this vulnerability is critical. It provides an attacker with complete control over the server, risking the exposure of stored databases, system compromise, and potential lateral movement into the broader network environment.

Remediation

Immediate Action: Upgrade FalkorDB Browser to the latest version.

Proactive Monitoring: Audit server file systems for unauthorized or suspicious files created in unexpected directories and review web logs for path traversal patterns.

Compensating Controls: Implement strict file system permissions and use a WAF to filter requests containing directory traversal sequences (e.g., ../).
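The two defensive checks above (a server-side containment check for upload paths, and a log review for traversal patterns) as an added example; this is not code from the advisory or from the FalkorDB project, and the upload root, function names and log lines are assumed or constructed for illustration. The log scanner URL-decodes before matching, since a filter that only looks for a literal `../` misses percent-encoded forms.

```python
import os
import re
from urllib.parse import unquote

# Assumed upload root for the example; the advisory names no path.
UPLOAD_ROOT = "/srv/uploads"

# Matches a '..' segment followed by a path separator (after decoding).
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def is_safe_upload_path(base_dir: str, user_filename: str) -> bool:
    """True only if user_filename resolves to a file strictly inside base_dir.

    The joined path is canonicalised and compared with the canonical base, so
    '../' segments, absolute paths and encoded traversal all fail the check.
    """
    if "\x00" in user_filename:
        return False  # embedded NUL would truncate the path in C-level APIs
    base = os.path.realpath(base_dir)
    name = unquote(unquote(user_filename))  # defeat single and double encoding
    target = os.path.realpath(os.path.join(base, name))
    return target.startswith(base + os.sep)


def contains_traversal(path: str) -> bool:
    """True if the request path, raw or after (double) URL-decoding, has '../'."""
    candidates = {path, unquote(path), unquote(unquote(path))}
    return any(TRAVERSAL_RE.search(c) for c in candidates)


def find_traversal_attempts(log_lines):
    """Return (line_no, request_path) for each combined-format log line whose
    request path contains a traversal sequence."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r'"(?:GET|POST|PUT|PATCH|DELETE) (\S+) HTTP/', line)
        if m and contains_traversal(m.group(1)):
            hits.append((n, m.group(1)))
    return hits


# Constructed sample log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2026:10:00:00 +0000] "POST /api/upload HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2026:10:00:01 +0000] "POST /api/upload?name=../../outside/file.txt HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2026:10:00:02 +0000] "POST /api/upload?name=%2e%2e%2f%2e%2e%2foutside%2ffile.txt HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2026:10:00:03 +0000] "GET /graph/list HTTP/1.1" 200 64',
]
```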

Exploitation status

Public Exploit Available: No

Analyst recommendation

Immediate remediation is required to secure the FalkorDB environment. Organizations should prioritize updating the software and restricting administrative access to the file upload API.