PT-2026-57054 · Halo Dev · Halo
Rekczh
·
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-15326
CVSS v2.0
4.7
Medium
| Vector | AV:N/AC:L/Au:M/C:N/I:P/A:P |
A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project closed the issue as "duplicate" but did not reference any other issue, report, or CVE.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Halo