CVE-2026-1812

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-1812
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1812.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-1812
Published
2026-02-03T23:16:06.803Z
Modified
2026-03-15T22:51:47.306549Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importFromCnblogs of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. The manipulation of the argument File leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

Affected packages

Git / github.com/adlered/bolo-solo

Affected ranges

Type
GIT
Repo
https://github.com/adlered/bolo-solo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e0ab6b1f57a4ba66b4a42a7b6ceafb87c33290cc
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.4"
        }
    ]
}

Affected versions

v1.*
v1.0
v1.0_stable
v1.1_stable
v1.2_stable
v1.3_stable
v1.4_stable
v1.5_stable
v1.6_stable
v1.7_stable
v1.8_stable
v1.9_stable
v2.*
v2.0_stable
v2.1_stable
v2.2_stable
v2.3_stable
v2.4_stable
v2.5_sp1_stable
v2.5_stable
v2.6.1_stable
v2.6.2_stable
v2.6.3_stable
v2.6.4_stable
v2.6_stable

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1812.json"