CVE-2026-1691

Name of the Vulnerable Software and Affected Versions bolo-solo versions up to 2.6.4

Description A flaw exists in bolo-solo up to version 2.6.4 related to deserialization. The issue resides within the importMarkdownsSync function located in the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the SnakeYAML component. This manipulation can be initiated remotely, and details of the exploit are publicly available.

Recommendations Versions prior to 2.6.4 should be updated. As a temporary workaround, consider restricting access to the importMarkdownsSync function until a patch is available.