highCVE-2026-60114

CVE-2026-60114 sustainable irrigation platform vulnerability

Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a path traversal vulnerability that allows attackers with access to the restore functionality to write files to arbitrary locations by uploading crafted JSON backup files with unvalidated keys used to construct file paths. Attackers can exploit the lack of key validation in the JSON restore process, combined with the absence of a required passphrase in the default configuration or the default passphrase 'opendoor', to write arbitrary JSON files outside the intended data directory.

Productsustainable irrigation platform
CVSS8.7
EPSS0.00303
UpdatedJuly 17, 2026

Quick answer

dan-in-ca sustainable irrigation platform should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • Review vendor advisory for affected versions.

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

CVE-2026-60114 affects Sustainable Irrigation Platform. The restore feature can accept crafted backup data and write files outside the safe data folder. Update SIP and remove weak or default restore passphrases.

  1. Upgrade Sustainable Irrigation Platform to a version that validates restore backup keys and blocks path traversal.
  2. Disable restore access for normal users and allow it only for trusted administrators.
  3. Change the default restore passphrase immediately and use a long unique value.
  4. Review recent restore uploads and check whether files were written outside the intended data directory.
  5. Keep web server file permissions tight so the application cannot write to system or code folders.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm the installed SIP version is newer than the affected release range.
  • Try a safe restore test with traversal-style keys in staging and confirm the upload is rejected.
  • Scan the server for unexpected JSON files or modified application files.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-60114?

dan-in-ca sustainable irrigation platform should be checked against the vendor advisory and trusted references linked on this page.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

How are Fixnx security risk categories chosen?

Fixnx keeps one canonical risk page and assigns only broad, relevant categories such as ecosystem, technology area, or vulnerability class.