PT-2026-53198 · Unknown · Ruoyi-Vue-Pro
Published
2026-06-29
·
Updated
2026-06-29
·
CVE-2026-13528
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ruoyi-vue-pro versions prior to 2026.04-jdk8-SNAPSHOT
Description
A path traversal issue exists in the AppFileController File Upload Endpoint. The flaw is located within the
generateUploadPath() function of the FileServiceImpl.java file. This allows a remote attacker to perform a manipulation that results in unauthorized access to files or directories outside the intended folder.Recommendations
Apply patch 4ae3f6b2c9883978837638c14e3d18419819eeb0 to resolve the issue.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ruoyi-Vue-Pro