CVE-2026-2665

Name of the Vulnerable Software and Affected Versions huanzi-qch base-admin versions prior to 57a8126bb3353a004f3c7722089e3b926ea83596

Description A flaw exists in the Upload function within the SysFileController.java file of the JSP Parser component. Manipulating the File argument allows for unrestricted file uploads. This issue can be exploited remotely. The exploit is publicly available. The product uses continuous delivery with rolling releases, and the project has not responded to an early issue report regarding this problem.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.