NVD Vulnerability Detail
Search Exploit, PoC
CVE-2026-47897
Summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net.Replicator library).

This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018.

Users are recommended to upgrade to version 4.8.0-beta00018, which fixes the issue.

Publication Date July 3, 2026, 5:16 p.m.
Registration Date July 4, 2026, 4:16 a.m.
Last Update July 9, 2026, 3:29 a.m.
CVSS3.1 : HIGH
スコア 7.5
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
攻撃元区分(AV) ネットワーク
攻撃条件の複雑さ(AC)
攻撃に必要な特権レベル(PR) 不要
利用者の関与(UI) 不要
影響の想定範囲(S) 変更なし
機密性への影響(C) なし
完全性への影響(I)
可用性への影響(A) なし
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:a:apache:lucene.net:4.8.0:beta00005:*:*:*:*:*:*
cpe:2.3:a:apache:lucene.net:4.8.0:beta00006:*:*:*:*:*:*
cpe:2.3:a:apache:lucene.net:4.8.0:beta00007:*:*:*:*:*:*
cpe:2.3:a:apache:lucene.net:4.8.0:beta00008:*:*:*:*:*:*
cpe:2.3:a:apache:lucene.net:4.8.0:beta00009:*:*:*:*:*:*
cpe:2.3:a:apache:lucene.net:4.8.0:beta00010:*:*:*:*:*:*
cpe:2.3:a:apache:lucene.net:4.8.0:beta00011:*:*:*:*:*:*
cpe:2.3:a:apache:lucene.net:4.8.0:beta00012:*:*:*:*:*:*
cpe:2.3:a:apache:lucene.net:4.8.0:beta00013:*:*:*:*:*:*
cpe:2.3:a:apache:lucene.net:4.8.0:beta00014:*:*:*:*:*:*
cpe:2.3:a:apache:lucene.net:4.8.0:beta00015:*:*:*:*:*:*
cpe:2.3:a:apache:lucene.net:4.8.0:beta00016:*:*:*:*:*:*
cpe:2.3:a:apache:lucene.net:4.8.0:beta00017:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List