CVE-2026-2552 | ZenTao up to 21.7.8 Editor editor/control.php delete filePath path traversal

Inserito da Angelo Barbosa | Feb 15, 2026 | CVE

A vulnerability labeled as critical has been found in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal.

This vulnerability is referenced as CVE-2026-2552. The attack needs to be initiated within the local network. No exploit is available.

The affected component should be upgraded.

CVE-2026-2552 | ZenTao up to 21.7.8 Editor editor/control.php delete filePath path traversal

Post correlati

CVE-2025-29890 | QNAP File Station 5.5.6.4741/5.5.6.4791/5.5.6.4847 User Account allocation of resources (qsa-25-19)

CVE-2026-0730 | PHPGurukul Staff Leave Management System 1.0 SVG File adminviews.py ADD_STAFF/UPDATE_STAFF profile_pic cross site scripting

CVE-2024-34936 | Campcodes Complete Web-Based School Management System 1.0 /view/event1.php month sql injection

CVE-2025-54351 | esnet iperf3 up to 3.19.0 net.c MSG_TRUNC unprotected alternate channel