Filtered by vendor Qameta
Subscriptions
Filtered by product Allure Report
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33166 | 2 Allure-framework, Qameta | 2 Allure2, Allure Report | 2026-04-14 | 8.6 High |
| Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file (-result.json, -container.json, or .plist) that points an attachment source to a sensitive file on the host system. During report generation, Allure will resolve these paths and include the sensitive files in the final report. Version 2.38.0 fixes the issue. | ||||
Page 1 of 1.