CVE-2026-40163Saltcorn · Saltcorn
Vulnerability data via NVD (ingested)
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline_changes endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content anywhere on the server filesystem. The GET /sync/upload_finished endpoint allows an unauthenticated attacker to list arbitrary directory contents and read specific JSON files. This vulnerability is fixed in 1.4.5, 1.5.5, and 1.6.0-beta.4.
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
vuln:CVE-2026-40163product:"Saltcorn Saltcorn"http.html:"Saltcorn"More intel sources (5)
vuln:CVE-2026-40163vulnerabilities.cve_id: CVE-2026-40163CVE-2026-40163CVE-2026-40163"CVE-2026-40163" exploit -site:nvd.nist.gov