CVE-2026-1811
Published: 03 February 2026
Summary
CVE-2026-1811 is a medium-severity Path Traversal (CWE-22) vulnerability in Adlered Bolo-Solo. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 12.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense Details
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Path traversal enables arbitrary local file read/modification (T1005 Data from Local System) and is triggered via remote exploitation of a public-facing web app (T1190).
NVD Description
A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed from remote. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysis (AI)
CVE-2026-1811 is a path traversal vulnerability (CWE-22) in bolo-blog bolo-solo versions up to 2.6.4. The flaw resides in the importFromMarkdown function in the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java, part of the Filename Handler component. Manipulating the File argument allows an attacker to traverse outside the intended directory. The CVSS v3.1 base score is 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
The vulnerability can be exploited remotely by authenticated users with low privileges (PR:L). Successful exploitation allows limited impacts, including low-level confidentiality, integrity, and availability violations, such as unauthorized file access or modification outside intended paths.
Advisories reference an early issue report to the project at https://github.com/bolo-blog/bolo-solo/issues/327, but the maintainers have not responded. No patches or mitigations are mentioned in the available references, including VulDB entries at https://vuldb.com/?ctiid.343979, https://vuldb.com/?id.343979, and https://vuldb.com/?submit.742437.
An exploit has been publicly disclosed and may be actively used, as noted in vulnerability databases.
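The mitigating control listed above (validate filenames so they cannot escape the intended directory) applied to an import handler that receives a user-supplied file name. This is an added example, not code from bolo-solo or its BackupService; the class and method names are hypothetical, and it assumes the import directory is a real directory on disk.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;

// Hypothetical helper, not part of bolo-solo: confine a user-supplied file
// name to a fixed import directory before any read or write happens.
public final class SafeImportPath {

    /** Resolve userName strictly inside baseDir, or throw SecurityException. */
    public static Path safeResolve(Path baseDir, String userName) throws IOException {
        if (userName == null || userName.isEmpty() || userName.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("empty or malformed file name");
        }
        // Canonical base: absolute, symlinks resolved, no ".." segments.
        Path base = baseDir.toRealPath();
        // resolve() then normalize() collapses "../" segments before the check.
        // An absolute userName replaces base in resolve(); startsWith() catches it.
        // Path.startsWith() compares whole segments, so "/srv/import2" does not
        // pass as a child of "/srv/import".
        Path candidate = base.resolve(userName).normalize();
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes import directory: " + userName);
        }
        // If the target already exists, re-check after following symlinks so a
        // link planted inside the directory cannot point elsewhere.
        if (Files.exists(candidate, LinkOption.NOFOLLOW_LINKS)) {
            Path real = candidate.toRealPath();
            if (!real.startsWith(base)) {
                throw new SecurityException("symlink escapes import directory: " + userName);
            }
            return real;
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("import");
        // Constructed sample inputs: two benign names, three traversal attempts.
        String[] inputs = {"post.md", "sub/post.md", "../../etc/passwd", "/etc/passwd", "sub/../../x.md"};
        for (String in : inputs) {
            try {
                System.out.println("ACCEPT " + in + " -> " + safeResolve(base, in));
            } catch (SecurityException e) {
                System.out.println("REJECT " + in + " (" + e.getMessage() + ")");
            }
        }
    }
}
```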
Details
- CWE(s)