PT-2026-21937 · Feiyuchuixue · Sz-Boot-Parent

Yuccun

Published

2026-02-25

Updated

2026-02-28

CVE-2026-3188

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions feiyuchuixue sz-boot-parent versions through 1.3.2-beta

Description A security issue exists in feiyuchuixue sz-boot-parent. The issue affects an unknown part of the file /api/admin/common/download/templates within the API component. Manipulation of the templateName parameter can lead to path traversal. Remote exploitation is possible. The exploit has been publicly released. The project developers have implemented path validity checks on parameters for the template download interface to address this issue.

Recommendations Upgrade to version 1.3.3-beta.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2026-3188

Affected Products

Sz-Boot-Parent

PT-2026-21937 · Feiyuchuixue · Sz-Boot-Parent

CVE-2026-3188

Weakness Enumeration

Related Identifiers

Affected Products

References · 12