CVE-2026-11470
6.3 MEDIUM
A vulnerability has been found in hs-web hsweb-framework up to 5.0.1
Published: 2026-06-08 · Last updated: 2026-06-08
Severity and scoring
- CVSS: 6.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE: CWE-22
Description
A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/FileUploadProperties.java of the component File Upload. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 8009845b577d8a2c4bbf4fdd8e8913799a714be6. It is suggested to install a patch to address this issue.
Source: NVD
References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-11470
- Other: https://github.com/hs-web/hsweb-framework/
- Other: https://github.com/hs-web/hsweb-framework/commit/8009845b577d8a2c4bbf4fdd8e8913799a714be6
- Other: https://github.com/hs-web/hsweb-framework/issues/344
- Other: https://github.com/hs-web/hsweb-framework/issues/344#issuecomment-3798035002
- Other: https://vuldb.com/cve/CVE-2026-11470
- Other: https://vuldb.com/submit/833856
- Other: https://vuldb.com/vuln/369090
- Other: https://vuldb.com/vuln/369090/cti
Related CVEs
Same CWE
- CVE-2026-52726 — Dulwich is a pure-Python implementation of the Git file formats and protocols (7.5 HIGH)
- CVE-2026-49219 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
- CVE-2026-47712 — Dulwich is a pure-Python implementation of the Git file formats and protocols (3.3 LOW)
- CVE-2026-46703 — Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (9.6 CRITICAL)
- CVE-2026-42305 — Dulwich is a pure-Python implementation of the Git file formats and protocols (8.8 HIGH)