CVE-2026-1813

EUVD-2026-5518

04.02.2026, 00:16

A vulnerability was found in bolo-blog bolo-solo up to 2.6.4. Affected is an unknown function of the file src/main/java/org/b3log/solo/bolo/pic/PicUploadProcessor.java of the component FreeMarker Template Handler. The manipulation of the argument File results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
adlered	bolo-solo	𝑥 ≤ 2.6.4

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/bolo-blog/bolo-solo/issues/329

Common Weakness Enumeration

References

https://github.com/bolo-blog/bolo-solo/

https://github.com/bolo-blog/bolo-solo/issues/329

https://vuldb.com/?ctiid.343981

https://vuldb.com/?id.343981

https://vuldb.com/?submit.743402