Skip to main content

Casdoor EUVD-2026-29080

| CVE-2026-6815 MEDIUM
2026-05-11 certcc GHSA-rmxx-v9rj-vpvg
Path Traversal Casdoor
5.9
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Analysis Generated
May 13, 2026 - 15:59 vuln.today
CVSS changed
May 13, 2026 - 15:52 NVD
5.9 (MEDIUM)
CVE Published
May 11, 2026 - 15:20 nvd
MEDIUM 5.9
CVE Published
May 11, 2026 - 15:20 nvd
UNKNOWN (no severity yet)

DescriptionNVD

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem, bypassing the application's intended storage sandbox.

AnalysisAI

Path traversal in Casdoor's Local File System storage provider allows authenticated administrators to write arbitrary files to the filesystem by bypassing path sanitization in the storage sandbox. An attacker with administrative privileges can exploit insufficient input validation to create or overwrite files anywhere on the host system. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-29080 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy