CVE-2026-2953 | Dromara UJCMS 101.2 Template WebFileTemplateController.delete deleteDirectory path traversal

Inserito da Angelo Barbosa | Feb 21, 2026 | CVE

A vulnerability was found in Dromara UJCMS 101.2. It has been declared as critical. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation leads to path traversal.

This vulnerability is listed as CVE-2026-2953. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2953 | Dromara UJCMS 101.2 Template WebFileTemplateController.delete deleteDirectory path traversal

Post correlati

CVE-2024-31573 | xmlunit-core prior 2.10.0 XSLT Stylesheet Parser Privilege Escalation

CVE-2025-30519 | Dover Fueling Solutions ProGauge MagLink LX 4 weak credentials (icsa-25-261-07)

CVE-2026-1835 | lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb cross-site request forgery

CVE-2025-53909 | mailcow-dockerized 2024-07 special elements used in a template engine