CVE-2026-3188
📋 TL;DR
This CVE describes a path traversal vulnerability in feiyuchuixue sz-boot-parent up to version 1.3.2-beta. Attackers can manipulate the templateName parameter in the /api/admin/common/download/templates API endpoint to access arbitrary files on the server. Organizations using affected versions of this software are vulnerable to unauthorized file reading.
💻 Affected Systems
- feiyuchuixue sz-boot-parent
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive system files, configuration files, or application data, potentially leading to credential theft, data breaches, or further system compromise.
Likely Case
Unauthorized reading of application files, configuration files, or other sensitive data stored on the server.
If Mitigated
Limited impact with proper input validation and file access controls in place.
🎯 Exploit Status
Exploit code is publicly available and remote exploitation is possible
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.3-beta
Vendor Advisory: https://github.com/feiyuchuixue/sz-boot-parent/releases/tag/v1.3.3-beta
Restart Required: Yes
Instructions:
1. Backup current installation.
2. Download version 1.3.3-beta from the official repository.
3. Replace affected files with patched version.
4. Restart the application/service.
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side validation to reject templateName parameters containing path traversal sequences
Implement regex filter: reject parameters containing '../', '..\\', or absolute paths
Access Control Restriction
Restrict file access to specific directories only
Configure application to only allow file access within designated template directories
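The two workarounds above (the input validation filter and the directory restriction) combined in one check, as an added example that is not sz-boot-parent's own code. The template directory `/srv/app/templates`, the accepted file extensions and the function names are assumptions; the project's real layout is not described here. The naive join is kept alongside the hardened version so the difference in behaviour on a traversal name can be seen directly.

```python
"""Added example (not sz-boot-parent's code): safe handling of a user-supplied
template name so it can only name a file inside one template directory."""
import re
from pathlib import Path

# Assumed template directory and file types; the real project's layout is not
# described on the page.
TEMPLATE_ROOT = Path("/srv/app/templates")
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+\.(xlsx|docx|csv)$")


class TemplateAccessError(ValueError):
    """Raised when a template name must not be served."""


def resolve_template_unsafe(template_name: str, root: Path = TEMPLATE_ROOT) -> Path:
    """The weak pattern: join the untrusted name onto the root and serve it.
    '../../../etc/passwd' walks straight out of the directory."""
    return root / template_name


def escapes_root(template_name: str, root: Path = TEMPLATE_ROOT) -> bool:
    """True if the naive join would resolve to a path outside root."""
    root_real = root.resolve()
    candidate = resolve_template_unsafe(template_name, root_real).resolve()
    try:
        candidate.relative_to(root_real)
    except ValueError:
        return True
    return False


def resolve_template(template_name: str, root: Path = TEMPLATE_ROOT) -> Path:
    """Hardened version: return the canonical path for template_name or raise."""
    # A legitimate template name is a bare file name, so any percent sign
    # means encoded input ('%2e%2e%2f' is '../' once decoded): reject it.
    if "%" in template_name:
        raise TemplateAccessError("encoded characters in template name")
    # Allowlist one path component with a known extension. This rejects
    # '../', '..\\', absolute paths and drive letters in a single check.
    if not SAFE_NAME.fullmatch(template_name):
        raise TemplateAccessError("template name is not a plain file name")
    # Belt and braces: canonicalise and confirm the result sits directly in
    # the template directory, so a symlink or a later relaxed allowlist
    # still cannot escape it.
    root_real = root.resolve()
    candidate = (root_real / template_name).resolve()
    if candidate.parent != root_real:
        raise TemplateAccessError("template resolves outside the template directory")
    return candidate


def is_safe_template_name(template_name: str, root: Path = TEMPLATE_ROOT) -> bool:
    """Boolean wrapper around resolve_template for callers that only need yes/no."""
    try:
        resolve_template(template_name, root)
    except TemplateAccessError:
        return False
    return True


if __name__ == "__main__":
    # Constructed inputs: one legitimate name and the shapes the workaround
    # text says to reject.
    for name in ["user_import.xlsx", "../../../etc/passwd", "..\\..\\win.ini",
                 "/etc/passwd", "%2e%2e/%2e%2e/etc/passwd"]:
        print(f"{name!r:40} naive join escapes root: {escapes_root(name)!s:5} "
              f"hardened accepts: {is_safe_template_name(name)}")
```

Note that `escapes_root` only reports the backslash and percent-encoded forms as escaping on platforms or frameworks that treat them as separators or decode them, which is exactly why the hardened version rejects those shapes up front rather than relying on canonicalisation alone.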
🧯 If You Can't Patch
- Implement WAF rules to block path traversal patterns in API requests
- Restrict network access to the vulnerable endpoint using firewall rules
🔍 How to Verify
Check if Vulnerable:
Test the /api/admin/common/download/templates endpoint with templateName parameter containing path traversal sequences like '../../etc/passwd'
Check Version:
Check application version in configuration files or via application metadata
Verify Fix Applied:
After patching, repeat the same path traversal attempts; the endpoint should return an error or the requests should be blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns
- API requests with '../' sequences in parameters
- Failed file access attempts outside expected directories
Network Indicators:
- HTTP requests to /api/admin/common/download/templates with suspicious parameter values
- Unusual file download patterns
SIEM Query:
source="web_server" AND uri="/api/admin/common/download/templates" AND (param="*../*" OR param="*..\\*")
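The SIEM query above expressed as offline detection logic, as an added example that is not part of the original page. It runs over a few constructed access-log lines (combined log format, sample IPs and timestamps are made up) and goes slightly beyond the query: it decodes repeated percent-encoding so `%252F` and `%5C` variants are caught too, and it grades a 2xx response to a traversal request higher than a rejected one. The log format and field names are assumptions.

```python
"""Added example (not from the page or the project): the SIEM query as
offline detection logic run over web-server access-log lines."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/api/admin/common/download/templates"
# '../', '..\' and absolute paths, matching the workaround's reject list.
TRAVERSAL = re.compile(r"\.\./|\.\.\\|^/|^[A-Za-z]:\\")
# Combined log format; fields beyond the status code are not needed here.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log, not real traffic: one benign download, several
# traversal attempts in different encodings, and unrelated traffic.
SAMPLE_LOG = """\
10.0.0.7 - - [12/Mar/2026:10:15:01 +0000] "GET /api/admin/common/download/templates?templateName=user_import.xlsx HTTP/1.1" 200 5120
203.0.113.9 - - [12/Mar/2026:10:16:44 +0000] "GET /api/admin/common/download/templates?templateName=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1842
203.0.113.9 - - [12/Mar/2026:10:16:59 +0000] "GET /api/admin/common/download/templates?templateName=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 200 1842
203.0.113.9 - - [12/Mar/2026:10:17:10 +0000] "GET /api/admin/common/download/templates?templateName=..%5C..%5Cwindows%5Cwin.ini HTTP/1.1" 400 0
198.51.100.4 - - [12/Mar/2026:10:18:02 +0000] "GET /static/../css/app.css?v=1 HTTP/1.1" 404 0
198.51.100.4 - - [12/Mar/2026:10:18:30 +0000] "GET /api/admin/common/download/templates?templateName=%2Fetc%2Fpasswd HTTP/1.1" 403 0
"""


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Undo repeated percent-encoding so '%252e%252e' is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_requests(log_text: str) -> list[dict]:
    """Return one alert per parameter value that looks like traversal on ENDPOINT."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        url = urlsplit(m["target"])
        if url.path != ENDPOINT:
            continue  # mirror the SIEM query's uri filter
        # parse_qs decodes one layer; decode_fully strips any further layers.
        for param, values in parse_qs(url.query, keep_blank_values=True).items():
            for raw in values:
                decoded = decode_fully(raw)
                if TRAVERSAL.search(decoded):
                    alerts.append({
                        "ip": m["ip"],
                        "time": m["ts"],
                        "param": param,
                        "value": decoded,
                        "status": int(m["status"]),
                        # A 2xx on a traversal request means the file was
                        # probably served: confirmed rather than attempted.
                        "severity": "high" if m["status"].startswith("2") else "medium",
                    })
    return alerts


if __name__ == "__main__":
    for a in find_traversal_requests(SAMPLE_LOG):
        print(f"{a['severity']:6} {a['ip']:14} {a['status']} {a['param']}={a['value']}")
```

The endpoint filter is deliberate: it keeps the output aligned with the SIEM query, so the `/static/../` line is ignored even though it contains the same sequence. Drop the filter if you want the broader "any API request with '../'" indicator from the list above.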
🔗 References
- https://github.com/feiyuchuixue/sz-boot-parent/
- https://github.com/feiyuchuixue/sz-boot-parent/commit/aefaabfd7527188bfba3c8c9eee17c316d094802
- https://github.com/feiyuchuixue/sz-boot-parent/releases/tag/v1.3.3-beta
- https://github.com/yuccun/CVE/blob/main/sz-boot-parent-Path_Traversal_to_Arbitrary_Resource_File_Read.md
- https://vuldb.com/?ctiid.347746
- https://vuldb.com/?id.347746
- https://vuldb.com/?submit.754041