PT-2026-6065 · Bolo Blog+1 · Bolo-Blog+1

Maoqiu · Published 2026-02-03 · Updated 2026-03-03 · CVE-2026-1813

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

bolo-blog bolo-solo versions up to 2.6.4

Description

A flaw exists in bolo-blog bolo-solo up to version 2.6.4, specifically within the FreeMarker Template Handler component and the file src/main/java/org/b3log/solo/bolo/pic/PicUploadProcessor.java. The issue involves unrestricted file upload, potentially triggered by manipulating the File argument. This allows for remote exploitation. The exploit for this issue has been publicly released. The project maintainers were notified of the problem but have not yet responded.

Recommendations

Versions up to 2.6.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2026-1813

Affected Products

Bolo-Blog
Bolo-Solo