CVE-2026-1810

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-1810
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1810.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-1810
Published
2026-02-03T21:16:12.617Z
Modified
2026-03-15T22:51:47.241468Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of the argument File results in path traversal. The attack is possible to be carried out remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

Affected packages

Git / github.com/adlered/bolo-solo

Affected ranges

Type
GIT
Repo
https://github.com/adlered/bolo-solo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e0ab6b1f57a4ba66b4a42a7b6ceafb87c33290cc
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.4"
        }
    ]
}

Affected versions

v1.*
v1.0
v1.0_stable
v1.1_stable
v1.2_stable
v1.3_stable
v1.4_stable
v1.5_stable
v1.6_stable
v1.7_stable
v1.8_stable
v1.9_stable
v2.*
v2.0_stable
v2.1_stable
v2.2_stable
v2.3_stable
v2.4_stable
v2.5_sp1_stable
v2.5_stable
v2.6.1_stable
v2.6.2_stable
v2.6.3_stable
v2.6.4_stable
v2.6_stable

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1810.json"