CVE-2026-3188 | feiyuchuixue sz-boot-parent up to 1.3.2-beta API templates templateName path traversal

A vulnerability classified as critical has been found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a manipulation of the argument templateName results in path traversal.

This vulnerability is known as CVE-2026-3188. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

It is recommended to upgrade the affected component.

The project was informed beforehand and acted very professional: “We have implemented path validity checks on parameters for the template download interface (…)”

CVE-2026-3188 | feiyuchuixue sz-boot-parent up to 1.3.2-beta API templates templateName path traversal

Post correlati

CVE-2024-23110 | Fortinet FortiOS up to 7.4.2 Command stack-based overflow (FG-IR-23-460)

CVE-2024-43336 | WP User Manager Plugin up to 2.9.10 on WordPress cross-site request forgery

CVE-2025-8719 | Translate This gTranslate Shortcode Plugin up to 1.0 on WordPress base_lang cross site scripting

CVE-2024-4495 | Tenda i21 1.0.0.14(4656) formWifiMacFilterGet index stack-based overflow