CVE-2026-2672 | Tsinghua Unigroup Electronic Archives System 3.2.210802(62532) /Search/Subject/downLoad download path path traversal

Inserito da Angelo Barbosa | Feb 18, 2026 | CVE

A vulnerability identified as critical has been detected in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is the function Download of the file /Search/Subject/downLoad. Performing a manipulation of the argument path results in path traversal.

This vulnerability is reported as CVE-2026-2672. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2672 | Tsinghua Unigroup Electronic Archives System 3.2.210802(62532) /Search/Subject/downLoad download path path traversal

Post correlati

CVE-2025-4541 | LmxCMS 1.41 POST Request ZtAction.class.php manageZt sortid sql injection

CVE-2023-6345 | Google Chrome prior 119.0.6045.199 Skia integer overflow

CVE-2023-48362 | Apache Drill up to 1.21.1 XML Format Plugin xml external entity reference (DRILL-8461)

CVE-2025-4078 | Wangshen SecGate 3600 2400 ?g=log_export_file file_name path traversal