A vulnerability labeled as critical has been found in heymrun heym up to 0.0.20 . This issue affects the function upload_file of the component File Upload Endpoint . Such manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2026-45225 . The attack can be launched remotely. No exploit exists. The affected component should be upgraded.