CVE-2026-1812 | bolo-blog bolo-solo up to 2.6.4 Filename BackupService.java importFromCnblogs File path traversal (Issue 328)

A vulnerability classified as critical has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importFromCnblogs of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. The manipulation of the argument File leads to path traversal.

This vulnerability is traded as CVE-2026-1812. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-1812 | bolo-blog bolo-solo up to 2.6.4 Filename BackupService.java importFromCnblogs File path traversal (Issue 328)

Post correlati

CVE-2024-6330 | GEO my WP Plugin up to 4.5.0.1 on WordPress code injection

CVE-2024-11075 | SICK Incoming Goods Suite 1.0.0 Docker Image unnecessary privileges

CVE-2025-2044 | code-projects Blood Bank Management System 1.0 delete_bloodGroup.php blood_id sql injection

CVE-2023-25176 | OpenHarmony up to 3.2.4 out-of-bounds