QwikSec

Security Database

CVE

CWE

Training

CVE-2026-26002

Published: Mar 4, 2026

Modified: Mar 5, 2026

PUBLISHED

Description

Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible.

Vendor	Product	Versions
OSC	ondemand	affected `< 4.0.9` affected `>= 4.1.0, < 4.1.3`

Weaknesses (CWE)

References

https://github.com/OSC/ondemand/security/advisories/GHSA-f83q-mhrr-3cr2

x_refsource_CONFIRM

https://github.com/OSC/ondemand/commit/23cb167222886fdd8415277ca5c1215f4c32629c

x_refsource_MISC

https://github.com/OSC/ondemand/commit/37f0ae4efb222e9c0af250feae860a720427df16

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.