Cyber Posture

CVE-2026-5966

High

Published: 20 April 2026

Modified: 20 April 2026
KEV Added
Patch
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0034 (56.9th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly mitigates path traversal vulnerability by requiring validation of file path inputs in the web interface to prevent arbitrary file deletion.

prevent

Enforces approved authorizations for access to file system resources, preventing unauthorized deletions even if path traversal resolves to sensitive paths.

prevent

Applies least privilege to limit low-privilege authenticated web users from deleting arbitrary system files beyond their authorized scope.

Security Summary (AI)

CVE-2026-5966 is an Arbitrary File Deletion vulnerability in ThreatSonar Anti-Ransomware, a product developed by TeamT5. The issue stems from a Path Traversal flaw (CWE-23) that allows authenticated remote attackers with web access to delete arbitrary files on the affected system. The vulnerability has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on integrity and availability.

An attacker with low-privilege authenticated access to the web interface can exploit this Path Traversal vulnerability over the network without user interaction. Successful exploitation enables the deletion of arbitrary files on the underlying system, potentially disrupting anti-ransomware operations, corrupting critical data, or causing denial of service by targeting essential system files.

Mitigation details are provided in advisories from TWCERT/CC, available at https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html and https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html. Security practitioners should consult these resources for patch information, workaround guidance, and affected version details.

Details

CWE(s)

MITRE ATT&CK Enterprise Techniques (AI)

T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
T1685 Disable or Modify Tools Defense Impairment
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Why these techniques?

Arbitrary file deletion directly enables T1070.004 (File Deletion) for indicator removal and facilitates T1562.001 (Disable or Modify Tools) by targeting anti-ransomware product files.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References