CVE-2026-6815
EUVD-2026-2908011.05.2026, 16:17
An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem, bypassing the application's intended storage sandbox.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| casbin | casdoor | 𝑥 ≤ 2.328.0 |
𝑥
= Vulnerable software versions