[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"public-cve-CVE-2026-53777":3,"news-by-cve-CVE-2026-53777-10":58},{"exploit_count":4,"affected_product_count":5,"date_published":6,"attack_techniques":7,"references_preview":22,"sources":30,"assigner_short_name":31,"cvss_version":32,"reference_count":33,"tags":34,"id":35,"title":36,"source_identifier":37,"nvd_cvss_vector":31,"kev_ransomware_use":38,"attack_technique_count":39,"weaknesses":40,"remediation_summary":44,"affected_products_preview":45,"state":49,"has_workaround":38,"description":50,"sectors":51,"vendor_context":52,"has_nuclei_templates":38,"assigner_org":31,"cvss_score":53,"cvss_severity":54,"nvd_cvss_severity":31,"in_kev":38,"has_exploit":38,"nuclei_template_count":4,"attack_tactics":55,"has_ai_summary":38,"has_attack_graph":56,"date_updated":6,"cvss_vector":57,"cvss_source":25,"has_solution":38},0,1,"2026-06-11T14:47:02Z",[8,15],{"technique_id":9,"technique_name":10,"tactic":11,"tactic_name":12,"url":13,"confidence":14},"T1005","Data from Local System","collection","Collection","https://attack.mitre.org/techniques/T1005/","medium",{"technique_name":16,"tactic":17,"tactic_name":18,"url":19,"confidence":20,"technique_id":21},"File and Directory Discovery","discovery","Discovery","https://attack.mitre.org/techniques/T1083/","high","T1083",[23,26,28],{"url":24,"source":25},"https://github.com/PerryTS/perry/releases/tag/v0.5.1159","cvelist",{"url":27,"source":25},"https://github.com/PerryTS/perry/security/advisories/GHSA-x55v-q459-68ch",{"url":29,"source":25},"https://github.com/PerryTS/perry/pull/4989",[25],"","3.1",5,[],"CVE-2026-53777","Perry \u003C 0.5.1159 Path Traversal via ArtifactReady WebSocket","83251b91-4cc7-4094-a5c7-464a1b83ea10",false,2,[41],{"cwe_id":42,"name":43},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",{"has_patch":38,"has_workaround":38},[46],{"vendor":47,"product":48},"PerryTS","perry","PUBLISHED","Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact_name field of ArtifactReady WebSocket messages. Attackers controlling the server URL can deliver traversal payloads through the artifact_name or download_path fields, causing the client to overwrite sensitive files or expose arbitrary local files to an attacker-accessible location.",[],[],8.1,"HIGH",[12,18],true,"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",{"cve_id":35,"items":59,"total":4},[]]