CVE-2026-13528 | YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT AppFileController File Upload Endpoint FileServiceImpl.java generateUploadPath path traversal (Issue 1146)

A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. It has been rated as critical. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File Upload Endpoint. Performing a manipulation results in path traversal.

This vulnerability is known as CVE-2026-13528. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

It is recommended to apply a patch to fix this issue.

This product is published by multiple vendors.

CVE-2026-13528 | YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT AppFileController File Upload Endpoint FileServiceImpl.java generateUploadPath path traversal (Issue 1146)

Post correlati

CVE-2026-35049 | wireapp wire-ios up to 4.15.x infinite loop (GHSA-v6wg-c7qc-x66g)

CVE-2023-43481 | Shenzhen TCL Browser TV Web BrowseHere 6.65.022_dab24cc6_231221_gp code injection

CVE-2024-28298 | BM SOFT BMPlanning 1.0.0.1 /BMServerR.dll/BMRest SEC_IDF/LIE_IDF/PLANF_IDF/CLI_IDF/DOS_IDF sql injection

CVE-2024-41171 | Siemens SINUMERIK 828D/SINUMERIK ONE permission assignment (ssa-342438)