CVE-2026-1811
Published: 03 February 2026
Summary
CVE-2026-1811 is a medium-severity Path Traversal (CWE-22) vulnerability in Adlered Bolo-Solo. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 36.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-1811 is a path traversal vulnerability (CWE-22) in bolo-blog bolo-solo versions up to 2.6.4. The flaw resides in the importFromMarkdown function within the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java, specifically affecting the Filename Handler component. By manipulating the File argument, attackers can traverse directories, with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
The vulnerability can be exploited remotely by authenticated users with low privileges (PR:L). Successful exploitation allows limited impacts, including low-level confidentiality, integrity, and availability violations, such as unauthorized file access or modification outside intended paths.
Advisories reference an early issue report to the project at https://github.com/bolo-blog/bolo-solo/issues/327, but the maintainers have not responded. No patches or mitigations are mentioned in the available references, including VulDB entries at https://vuldb.com/?ctiid.343979, https://vuldb.com/?id.343979, and https://vuldb.com/?submit.742437.
An exploit has been publicly disclosed and may be actively used, as noted in vulnerability databases.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-5153
Vulnerability details
A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. Executing a manipulation of the argument File can lead to path traversal. The attack may…
more
be performed from remote. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal enables arbitrary local file read/modification (T1005 Data from Local System) and is triggered via remote exploitation of a public-facing web app (T1190).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of untrusted file-name/path inputs to the importFromMarkdown function, blocking the directory-traversal sequences that constitute this CVE.
Enforces that every file-system access request is checked against an authorization policy, preventing the unauthorized reads/writes outside the intended backup directory.
Limits the privileges of the authenticated user account invoking BackupService, reducing the set of files that can be reached even if a traversal succeeds.