CVE-2026-7519

High

Published: 01 May 2026

Published

01 May 2026

Modified

01 May 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0006 17.5th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7519 is a high-severity Path Traversal (CWE-22) vulnerability in Feishu (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 17.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Remediates the path traversal flaw in Fujian Apex LiveBOS up to 2.0 by applying the recommended upgrade to version 2.1.

SI-10 Information Input Validation good match

prevent

Validates the 'filename' argument in the /feed/UploadImage.do endpoint to block path traversal sequences like '../'.

SC-7 Boundary Protection partial match

preventdetect

Enforces boundary protection at external interfaces using web application firewalls to inspect and block path traversal payloads in upload requests.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1505.003 Web Shell Persistence

Adversaries may backdoor web servers with web shells to establish persistent access to systems.

attack.mitre.org →

Why these techniques?

Path traversal in public-facing upload endpoint enables remote exploitation (T1190) and arbitrary file write to deploy web shells (T1505.003).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. Such manipulation of the argument filename leads to path traversal. The attack can be launched…

remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1 is recommended to address this issue. Upgrading the affected component is advised.

Deeper analysisAI

CVE-2026-7519 is a path traversal vulnerability (CWE-22) affecting Fujian Apex LiveBOS versions up to 2.0. The issue resides in an unknown function within the /feed/UploadImage.do endpoint of the component Endpoint, where manipulation of the 'filename' argument enables traversal outside intended directories. It carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and lack of prerequisites.

The vulnerability can be exploited remotely by unauthenticated attackers with low complexity, requiring no privileges or user interaction. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling attackers to read, modify, or disrupt files outside the web root via crafted 'filename' parameters in upload requests.

Advisories recommend upgrading to version 2.1 to mitigate the issue, with patching the affected component advised. Details are available in references including VulDB entries (vuldb.com/vuln/360333, vuldb.com/vuln/360333/cti, vuldb.com/submit/804096) and a Feishu document (my.feishu.cn/docx/TCyMdptvaoTQCvxkHLbceJZCnge?from=from_copylink). The exploit has been publicly disclosed and may be in use.