PT-2026-6064 · Bolo Blog+1 · Bolo-Blog+1

Maoqiu · Published 2026-02-03 · Updated 2026-03-03 · CVE-2026-1812

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: bolo-blog bolo-solo versions up to 2.6.4

Description: A path traversal issue exists due to the manipulation of the File argument within the importFromCnblogs() function located in the src/main/java/org/b3log/solo/bolo/prop/BackupService.java file of the Filename Handler component. This allows for remote exploitation. The details of the exploit have been publicly disclosed. The project maintainers were notified of the issue but have not yet responded.

Recommendations: Versions prior to 2.6.4 should be used. As a temporary workaround, consider restricting access to the importFromCnblogs() function until a patch is available.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2026-1812

Affected Products: Bolo-Blog, Bolo-Solo