CVE-2026-1813

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-1813
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1813.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-1813
Published
2026-02-04T00:16:08.743Z
Modified
2026-03-11T13:45:09.979893Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was found in bolo-blog bolo-solo up to 2.6.4. Affected is an unknown function of the file src/main/java/org/b3log/solo/bolo/pic/PicUploadProcessor.java of the component FreeMarker Template Handler. The manipulation of the argument File results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

References

Affected packages

Git / github.com/adlered/bolo-solo

Affected ranges

Type
GIT
Repo
https://github.com/adlered/bolo-solo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e0ab6b1f57a4ba66b4a42a7b6ceafb87c33290cc
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.4"
        }
    ]
}

Affected versions

v1.*
v1.0
v1.0_stable
v1.1_stable
v1.2_stable
v1.3_stable
v1.4_stable
v1.5_stable
v1.6_stable
v1.7_stable
v1.8_stable
v1.9_stable
v2.*
v2.0_stable
v2.1_stable
v2.2_stable
v2.3_stable
v2.4_stable
v2.5_sp1_stable
v2.5_stable
v2.6.1_stable
v2.6.2_stable
v2.6.3_stable
v2.6.4_stable
v2.6_stable

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1813.json"