A vulnerability was found in alfio-event alf.io up to 2.0-M5-2605 . It has been declared as critical . Affected by this vulnerability is the function postFileAndSaveResponse . Executing a manipulation can lead to path traversal. This vulnerability appears as CVE-2026-41412 . The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.