CVE-2026-36762

Name of the Vulnerable Software and Affected Versions JeeSite version 5.15.1

Description An issue in the '/a/file/upload' endpoint allows authenticated attackers with file upload permissions to perform path traversal. By manipulating the fileEntityId parameter, an attacker can write arbitrary files with whitelisted suffixes to arbitrary locations on the filesystem. Path traversal is a technique used to access files and directories that are stored outside the web root folder.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.