Anyquery has Path Traversal through `clear_plugin_cache`, Allowing Arbitrary Directory Deletion — CVE-2026-47253

Summary

# Path Traversal in `clear_plugin_cache` Allows Arbitrary Directory Deletion | Field | Value | | ---------------- | ----- | | Repository | julien040/anyquery | | Affected version | 0.4.4 | | Vulnerability | CWE-22 — Improper Limitation of a Pathname to a Restricted Directory | | Severity | High | ## Summary The SQL scalar function `clear_plugin_cache(plugin)` in `namespace/other_functions.go` passes the…

Product

go: github.com/julien040/anyquery

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

• Read the official source
• CVE Record
• NVD

Related advisories