A vulnerability categorized as critical has been discovered in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization.

This vulnerability is traded as CVE-2026-1691. The attack may be launched remotely. Furthermore, there is an exploit available.