PT-2026-57054 · Halo Dev · Halo

Rekczh

·

Publicado

2026-07-10

·

Atualizado

2026-07-10

·

CVE-2026-15326

CVSS v2.0

4.7

Média

VetorAV:N/AC:L/Au:M/C:N/I:P/A:P
A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project closed the issue as "duplicate" but did not reference any other issue, report, or CVE.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-15326

Produtos afetados

Halo