CVE Catalog

CVE-2026-11470

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Summary

A vulnerability has been found in hs-web hsweb-framework up to version 5.0.1, affecting the denied function in the FileUploadProperties.java file. Manipulation of the filename argument leads to path traversal, which can be exploited remotely.

Risk Assessment

An attacker could exploit this vulnerability to gain unauthorized access to files on the server, potentially leading to the exposure of sensitive data.

Recommendation

It is recommended to install the patch with identifier 8009845b577d8a2c4bbf4fdd8e8913799a714be6 to address this vulnerability.

Original NVD description (English source)

A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/FileUploadProperties.java of the component File Upload. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 8009845b577d8a2c4bbf4fdd8e8913799a714be6. It is suggested to install a patch to address this issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS