
JeeSite EUVD-2026-26396

CVE-2026-36762 HIGH
Path Traversal (CWE-22)
2026-04-30 mitre
CVSS 3.1: 8.8

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: May 04, 2026 - 18:22 (vuln.today)
CVSS changed: May 04, 2026 - 18:22 (NVD), 8.8 (HIGH)
EUVD ID Assigned: Apr 30, 2026 - 18:00 (euvd), EUVD-2026-26396
Analysis Generated: Apr 30, 2026 - 18:00 (vuln.today)
CVE Published: Apr 30, 2026 - 00:00 (nvd), HIGH 8.8

Description (NVD)

An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations.

Analysis (AI)

Path traversal in JeeSite v5.15.1's file upload endpoint allows authenticated users with file upload permissions to write arbitrary files to any filesystem location, enabling remote code execution by uploading malicious files (e.g., JSP webshells) outside intended directories. The vulnerability exists in the fileEntityId parameter of /a/file/upload, bypassing directory restrictions while respecting file extension whitelists. …


Remediation (AI)

Within 24 hours: Identify all JeeSite v5.15.1 instances in your environment and document which users have file upload permissions; restrict upload functionality to administrators only pending remediation.

Within 7 days: Contact the JeeSite vendor for patch availability and timeline; implement network-level access controls to limit the file upload endpoint (/a/file/upload) to trusted networks only. …
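The description above notes that the suffix whitelist is honoured while fileEntityId still moves the write outside the intended directory. The following Java sketch is an added example (not JeeSite code and not from the advisory) showing why a suffix check alone does not constrain the path, next to a format-plus-containment check; the class name, storage root, whitelist and id format are assumptions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Set;
import java.util.regex.Pattern;

// Added illustration, not JeeSite code. Root, whitelist and id format are assumptions.
public class UploadPathCheck {
    static final Path UPLOAD_ROOT = Paths.get("/srv/app/userfiles").toAbsolutePath().normalize();
    static final Set<String> ALLOWED_SUFFIXES = Set.of("png", "jpg", "pdf", "txt");
    // Assumption: a legitimate id is a short opaque token with no separators or dots.
    static final Pattern ID_FORMAT = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    // The only check the description says still applies: the file suffix.
    static boolean suffixAllowed(String fileName) {
        int dot = fileName.lastIndexOf('.');
        return dot >= 0 && ALLOWED_SUFFIXES.contains(fileName.substring(dot + 1).toLowerCase());
    }

    // Returns the write target, or throws if the id could move it outside UPLOAD_ROOT.
    static Path resolveTarget(String fileEntityId, String suffix) {
        if (fileEntityId == null || !ID_FORMAT.matcher(fileEntityId).matches()) {
            throw new IllegalArgumentException("fileEntityId has unexpected format");
        }
        if (!ALLOWED_SUFFIXES.contains(suffix)) {
            throw new IllegalArgumentException("suffix not whitelisted");
        }
        Path target = UPLOAD_ROOT.resolve(fileEntityId + "." + suffix).normalize();
        if (!target.startsWith(UPLOAD_ROOT)) { // defence in depth after normalisation
            throw new IllegalArgumentException("target escapes upload root");
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the advisory.
        String[] ids = { "1834920017", "../../outside/name", "sub/../../outside" };
        for (String id : ids) {
            String name = id + ".txt";
            Path naive = UPLOAD_ROOT.resolve(name).normalize(); // no id validation
            String verdict;
            try {
                verdict = "accepted " + resolveTarget(id, "txt");
            } catch (IllegalArgumentException e) {
                verdict = "rejected: " + e.getMessage();
            }
            System.out.printf("%-20s suffixOk=%b naiveInsideRoot=%b -> %s%n",
                    id, suffixAllowed(name), naive.startsWith(UPLOAD_ROOT), verdict);
        }
    }
}
```

`Path.normalize()` is purely lexical and does not follow symbolic links; where the upload root may contain symlinks, compare against `toRealPath()` of the parent directory before writing.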

