A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importFromCnblogs of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. The manipulation of the argument File leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
bolo-blog bolo-solo Filename BackupService.java importFromCnblogs path traversal
Problem type
Affected products
bolo-blog
2.6.0 - AFFECTED
2.6.1 - AFFECTED
2.6.2 - AFFECTED
2.6.3 - AFFECTED
2.6.4 - AFFECTED
References
https://vuldb.com/?id.343980
https://vuldb.com/?ctiid.343980
https://vuldb.com/?submit.742582
https://github.com/bolo-blog/bolo-solo/issues/328
https://github.com/bolo-blog/bolo-solo/
GitHub Security Advisories
GHSA-7jwc-4rcq-547h
https://nvd.nist.gov/vuln/detail/CVE-2026-1812
https://github.com/bolo-blog/bolo-solo/issues/328
https://github.com/bolo-blog/bolo-solo
https://vuldb.com/?ctiid.343980
https://vuldb.com/?id.343980
https://vuldb.com/?submit.742582
https://github.com/advisories/GHSA-7jwc-4rcq-547h
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-1812
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-1812",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-02-03T22:32:08.158Z",
    "dateReserved": "2026-02-03T14:03:56.109Z",
    "datePublished": "2026-02-03T22:32:08.158Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-02-03T22:32:08.158Z"
      },
      "title": "bolo-blog bolo-solo Filename BackupService.java importFromCnblogs path traversal",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importFromCnblogs of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. The manipulation of the argument File leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "affected": [
        {
          "vendor": "bolo-blog",
          "product": "bolo-solo",
          "modules": [
            "Filename Handler"
          ],
          "versions": [
            {
              "version": "2.6.0",
              "status": "affected"
            },
            {
              "version": "2.6.1",
              "status": "affected"
            },
            {
              "version": "2.6.2",
              "status": "affected"
            },
            {
              "version": "2.6.3",
              "status": "affected"
            },
            {
              "version": "2.6.4",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Path Traversal",
              "cweId": "CWE-22",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.343980",
          "name": "VDB-343980 | bolo-blog bolo-solo Filename BackupService.java importFromCnblogs path traversal",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.343980",
          "name": "VDB-343980 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.742582",
          "name": "Submit #742582 | https://github.com/bolo-blog/bolo-solo bolo-solo V2.6.4 Arbitrary file write",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/bolo-blog/bolo-solo/issues/328",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://github.com/bolo-blog/bolo-solo/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 6.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-02-03T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-02-03T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-02-03T15:09:07.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "MaoQiu (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}