PT-2026-20341 · Blossom · Blossom

Xcxr · Published 2026-02-17 · Updated 2026-02-18 · CVE-2026-2623

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Blossom versions up to 1.17.1

Description

A path traversal issue exists in Blossom due to a flaw in the put function in the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java, which is part of the File Upload component. The flaw can be exploited remotely. The exploit has been published. The vendor was contacted but did not respond.

Recommendations

Versions prior to 1.17.1 should be updated. As a temporary workaround, consider restricting access to the put function in BLOSManager.java until a patch is available.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2026-2623

Affected Products: Blossom