CVE-2026-53777 high vulnerability summary

CVE-2026-53777 is listed by Tenable as a High severity CVE. The issue should be reviewed by teams that operate the affected software or dependencies.

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact_name field of ArtifactReady WebSocket messages. Attackers controlling the server URL can deliver traversal payloads through the artifact_name or download_path fields, causing the client to overwrite sensitive files or expose arbitrary local files to an attacker-accessible location.

Recommended action

Confirm whether the affected product or library is present in your environment, review the vendor guidance, and apply the available update or mitigation where applicable.