CVE-2026-1812

MediumPublic PoC

Published: 03 February 2026

Published

03 February 2026

Modified

03 March 2026

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0011 28.8th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-1812 is a medium-severity Path Traversal (CWE-22) vulnerability in Adlered Bolo-Solo. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly mitigates the path traversal vulnerability by requiring validation of the File argument in importFromCnblogs to block traversal sequences like '../'.

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and patching of the unremediated path traversal flaw in BackupService.java.

SC-7 Boundary Protection partial match

prevent

Boundary protection mechanisms like web application firewalls can inspect and block remote path traversal payloads targeting the vulnerable Filename Handler component.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Path traversal vulnerability (CWE-22) in public-facing blog application (bolo-blog/bolo-solo) enables remote exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importFromCnblogs of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. The manipulation of the argument File leads to path traversal. It is possible to initiate…

the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Deeper analysisAI

CVE-2026-1812 is a path traversal vulnerability (CWE-22) affecting bolo-blog bolo-solo versions up to 2.6.4. The issue resides in the importFromCnblogs function within the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the Filename Handler component, where manipulation of the File argument enables traversal outside intended directories.

An attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). Successful exploitation allows limited impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), resulting in a CVSS v3.1 base score of 6.3. The scope remains unchanged (S:U).

Advisories from VulDB indicate the vulnerability was reported to the project early via GitHub issue #328, but the maintainers have not responded or issued patches as of the CVE publication on 2026-02-03. Practitioners should monitor the bolo-blog/bolo-solo GitHub repository for updates.

The exploit has been publicly disclosed and may be actively used, though no confirmed real-world exploitation is reported in available data.