CVE-2026-1810

6.3 MEDIUM

📋 TL;DR

This CVE describes a path traversal vulnerability in bolo-blog's bolo-solo software up to version 2.6.4. Attackers can exploit the unpackFilteredZip function in the ZIP file handler to write files outside intended directories via manipulated ZIP archives. This affects all users running vulnerable versions of bolo-solo.

💻 Affected Systems

Products:
  • bolo-blog bolo-solo
Versions: Up to and including 2.6.4
Operating Systems: All platforms running Java
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using the backup/restore functionality are vulnerable. The vulnerability is in the core ZIP handling component.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote attackers could overwrite critical system files, potentially leading to complete system compromise, data destruction, or installation of persistent backdoors.

🟠 Likely Case: Attackers could write malicious files to web-accessible directories, enabling web shell deployment, data exfiltration, or privilege escalation.

🟢 If Mitigated: With proper file permissions and input validation, exploitation would be limited to writing files only within the application's sandboxed directories.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in the GitHub issue. Remote exploitation is confirmed possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

No official patch exists. Monitor the GitHub repository for updates. Consider applying community fixes or migrating to alternative software.

🔧 Temporary Workarounds

Disable ZIP upload functionality (applies to: all)
  • Temporarily disable backup/restore features that process ZIP files
  • Modify application configuration to disable BackupService functionality

Implement input validation proxy (applies to: all)
  • Add a reverse proxy or WAF to validate and sanitize ZIP file uploads
  • Configure WAF rules to detect path traversal patterns in file uploads

🧯 If You Can't Patch

  • Implement strict file system permissions to limit write access to application directories only
  • Deploy network segmentation to isolate bolo-solo instances from critical systems

🔍 How to Verify

Check if Vulnerable:

Check if running bolo-solo version 2.6.4 or earlier. Review application logs for suspicious ZIP file processing.

Check Version:

Check the application version in the admin panel, or examine pom.xml for the version information.

Verify Fix Applied:

Test with a crafted ZIP file containing path traversal sequences and confirm that the application rejects it rather than writing outside the intended directory.
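The verification step above amounts to checking that the ZIP handler resolves every entry name against the destination directory before writing. The following is an added example, not bolo-solo's code: a hardened extractor that refuses any entry resolving outside the destination, plus two constructed in-memory archives (one benign, one carrying a "../" entry) that exercise it. The archive entry names, the scratch directory layout and the function names are assumptions made for the demonstration.

```python
import io
import tempfile
import zipfile
from pathlib import Path


class UnsafeZipEntry(ValueError):
    """Raised when an archive entry would be written outside the destination."""


def resolve_entry(dest_dir, entry_name: str) -> Path:
    """Return the absolute path an entry would be written to, or raise.

    The decision is made on the fully resolved path, so '..' segments,
    absolute names and backslash separators are all caught the same way.
    """
    dest_root = Path(dest_dir).resolve()
    normalised = entry_name.replace("\\", "/")  # archives built on Windows may use '\'
    if normalised.startswith("/"):
        raise UnsafeZipEntry(f"absolute entry name rejected: {entry_name!r}")
    target = (dest_root / normalised).resolve()
    if target != dest_root and dest_root not in target.parents:
        raise UnsafeZipEntry(f"entry escapes destination: {entry_name!r}")
    return target


def is_safe_entry(dest_dir, entry_name: str) -> bool:
    """Boolean form of resolve_entry, convenient for filtering or tests."""
    try:
        resolve_entry(dest_dir, entry_name)
        return True
    except UnsafeZipEntry:
        return False


def safe_unpack_zip(archive: bytes, dest_dir) -> list:
    """Extract every entry of `archive` under `dest_dir`, refusing traversal.

    All entries are validated before anything is written, so one bad entry
    leaves the destination untouched instead of partially restored.
    """
    dest_root = Path(dest_dir).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        plan = [(info, resolve_entry(dest_root, info.filename)) for info in zf.infolist()]
        for info, target in plan:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target.relative_to(dest_root).as_posix())
    return written


def build_archive(entries: dict) -> bytes:
    """Build an in-memory ZIP from {name: content}; names are stored verbatim."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample archives: a benign backup and one carrying a '..' entry.
BENIGN_ARCHIVE = build_archive({"backup/articles.json": b"[]", "backup/settings.json": b"{}"})
TRAVERSAL_ARCHIVE = build_archive({"backup/articles.json": b"[]", "../../outside.txt": b"x"})


def run_demo() -> dict:
    """Feed both archives to the extractor inside a scratch directory tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "app"  # stands in for the application's data directory
        dest = root / "restore"
        dest.mkdir(parents=True)
        result = {"benign": safe_unpack_zip(BENIGN_ARCHIVE, dest)}
        try:
            safe_unpack_zip(TRAVERSAL_ARCHIVE, dest)
            result["traversal"] = "written"
        except UnsafeZipEntry as exc:
            result["traversal"] = f"rejected: {exc}"
        # '../../outside.txt' relative to app/restore would land in the scratch root.
        result["outside_exists"] = (Path(tmp) / "outside.txt").exists()
        result["dest_files"] = sorted(p.name for p in dest.rglob("*") if p.is_file())
    return result


if __name__ == "__main__":
    print(run_demo())
```

Running the script extracts the benign archive and reports the traversal archive as rejected with nothing written beside the scratch root. The same `is_safe_entry` check can be applied to a suspect backup file before it is ever handed to the application.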

📡 Detection & Monitoring

Log Indicators:

  • Unusual ZIP file processing errors
  • File write operations outside expected directories
  • Multiple failed backup/restore attempts

Network Indicators:

  • Unusual uploads to backup/restore endpoints
  • Large ZIP files being processed

SIEM Query:

source="bolo-solo" AND (event="ZIP_PROCESSING" OR event="FILE_WRITE") AND path="*..*"

(Wildcard match on a traversal sequence; an exact match on ".." would miss full paths. Adapt the field names to your SIEM and log format.)
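The SIEM query above looks for a ".." sequence in logged write paths. A stronger check resolves each path against the directory the restore is expected to write into, so that a write which escapes that directory is flagged even without a visible ".." and a ".." that stays inside is still reported as anomalous. This is an added example, not bolo-solo's code: the key=value log format, the field names and the base directory /opt/bolo/restore are all constructed for the demonstration.

```python
import posixpath
import re

# Constructed key=value log lines; the real application's format will differ.
SAMPLE_LOG = """\
2026-01-10T09:12:01Z event=ZIP_PROCESSING archive=backup-2026.zip entries=12
2026-01-10T09:12:01Z event=FILE_WRITE path=/opt/bolo/restore/backup/articles.json
2026-01-10T09:12:02Z event=FILE_WRITE path=/opt/bolo/restore/backup/../settings.json
2026-01-10T09:12:02Z event=FILE_WRITE path=/opt/bolo/restore/../../../etc/cron.d/job
2026-01-10T09:12:03Z event=FILE_WRITE path=/var/www/html/restore.jsp
2026-01-10T09:12:03Z event=ZIP_PROCESSING archive=x.zip error=bad_entry_name
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Split a line into its timestamp and key=value fields."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = ts
    return fields


def escapes_base(path: str, base: str) -> bool:
    """True if `path`, once '..' segments are collapsed, is not under `base`."""
    norm = posixpath.normpath(path)
    base = posixpath.normpath(base)
    return not (norm == base or norm.startswith(base + "/"))


def find_suspicious_writes(log_text: str, base: str = "/opt/bolo/restore") -> list:
    """Return FILE_WRITE events that leave `base` or carry a '..' segment.

    A write that escapes the base directory is the strongest signal; a '..'
    segment that still resolves inside it is reported separately because a
    legitimately produced backup should never contain one.
    """
    hits = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("event") != "FILE_WRITE" or "path" not in f:
            continue
        if escapes_base(f["path"], base):
            reason = "resolves outside base"
        elif ".." in f["path"].split("/"):
            reason = "traversal segment inside base"
        else:
            continue
        hits.append({"ts": f["ts"], "path": f["path"], "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_writes(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['reason']}: {hit['path']}")
```

On the sample lines this reports three writes: the one under /etc and the one under /var/www because they resolve outside the restore directory, and the settings.json write because its path contains a ".." segment even though it ends up inside. The first FILE_WRITE line is clean and is not reported.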
