CVE-2026-41551

ROS# · ROS#

A path traversal vulnerability in ROS# versions prior to V2.2.2 allows remote attackers to access arbitrary files on the host device due to insufficient input sanitization.

Executive summary

ROS# versions prior to V2.2.2 are vulnerable to a critical path traversal flaw, enabling remote attackers to read unauthorized files from the host system.

Vulnerability

This is a path traversal vulnerability caused by the failure to properly sanitize user-supplied input. This flaw allows a remote, unauthenticated attacker to escape intended directory boundaries and access sensitive files on the underlying filesystem.

Business impact

The ability to perform arbitrary file reads can lead to the exposure of sensitive configuration files, credentials, or proprietary source code. With a CVSS score of 9.1, this vulnerability poses a severe risk of data exfiltration and credential theft, which could be leveraged for further lateral movement within the network.

Remediation

Immediate Action: Update the ROS# software to version V2.2.2 or later to resolve the input sanitization defect.

Proactive Monitoring: Review system and application access logs for attempts to traverse directories (e.g., sequences like "../") in file-related requests.

Compensating Controls: Deploy a Web Application Firewall (WAF) or filesystem monitor configured to block or alert on directory traversal patterns targeting the application.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This path traversal vulnerability represents a significant security risk to any deployment of ROS#. Administrators must prioritize the transition to version V2.2.2 to prevent unauthorized file access and potential system-wide compromise.