CVE-2026-1810 | bolo-blog bolo-solo up to 2.6.4 ZIP File BackupService.java unpackFilteredZip path traversal (Issue 326)

A vulnerability marked as critical has been reported in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of the argument File results in path traversal.

This vulnerability is reported as CVE-2026-1810. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-1810 | bolo-blog bolo-solo up to 2.6.4 ZIP File BackupService.java unpackFilteredZip path traversal (Issue 326)

Post correlati

CVE-2023-50885 | Store Locator Plugin up to 1.4.14 on WordPress path traversal

CVE-2025-27519 | truefoundry cognita Environment Variable upload-to-local-directory path traversal (GHSL-2024-193)

CVE-2024-33059 | Qualcomm Snapdragon Auto up to WSA8845H IOCTL Call use after free

CVE-2024-12190 | bitpressadmin Contact Form Plugin up to 2.17.3 on WordPress authorization