A vulnerability labeled as critical has been found in Zulip up to 11.5 . Affected by this vulnerability is an unknown functionality of the file /manage.py . Such manipulation leads to path traversal. This vulnerability is referenced as CVE-2026-26058 . The attack can only be performed from a local environment. No exploit is available. The affected component should be upgraded.