CVE-2026-1811 | bolo-blog bolo-solo up to 2.6.4 Filename BackupService.java importFromMarkdown File path traversal (Issue 327)

A vulnerability described as critical has been identified in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. Executing a manipulation of the argument File can lead to path traversal.

This vulnerability appears as CVE-2026-1811. The attack may be performed from remote. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-1811 | bolo-blog bolo-solo up to 2.6.4 Filename BackupService.java importFromMarkdown File path traversal (Issue 327)

Post correlati

CVE-2024-55546 | ORing IAP-420 up to 2.01e cross site scripting

CVE-2025-37962 | Linux Kernel up to a41cd52f00907a040ca22c73d4805bb79b0d0972 ksmbd parse_lease_state memory leak

CVE-2024-13606 | rabilal JS Help Desk Plugin up to 2.8.8 on WordPress File Attachment jssupportticketdata information disclosure

CVE-2024-1234 | Exclusive Addons for Elementor Plugin up to 2.6.9 on WordPress cross site scripting