Casdoor · Casdoor · CVE-2026-6815
**Name of the Vulnerable Software and Affected Versions**
Casdoor (affected versions not specified)
**Description**
An arbitrary file write issue exists in the Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack—a method used to access files and directories that are stored outside the web root folder—to create or overwrite arbitrary files anywhere on the host filesystem, bypassing the intended storage sandbox.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.