PT-2026-6063 · Bolo Blog+1 · Bolo-Blog+1

Maoqiu · Published 2026-02-03 · Updated 2026-03-03 · CVE-2026-1811

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

bolo-blog bolo-solo versions up to 2.6.4

Description

A path traversal issue exists in the Filename Handler component of bolo-blog bolo-solo. The issue is located in the importFromMarkdown function within the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java. Manipulation of the File argument can lead to path traversal, potentially allowing remote exploitation. The exploit has been published.

Recommendations

Versions prior to 2.6.4 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-1811

Affected Products

Bolo-Blog, Bolo-Solo