CVE-2026-2672
Tsinghua Unigroup Electronic Archives System downLoad download path traversal
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is the function Download of the file /Search/Subject/downLoad. Performing a manipulation of the argument path results in path traversal. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
| CWE | CWE-22 |
| Vendor | tsinghua unigroup |
| Product | electronic archives system |
| Published | Feb 18, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for tsinghua unigroup electronic archives system
Be the first to know when new medium vulnerabilities affecting tsinghua unigroup electronic archives system are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Tsinghua Unigroup / Electronic Archives System
3.2.210802(62532)
References
vuldb.com: https://vuldb.com/?id.346468 vuldb.com: https://vuldb.com/?ctiid.346468 vuldb.com: https://vuldb.com/?submit.753295 vuldb.com: https://vuldb.com/?submit.753383 github.com: https://github.com/luoye197-prog/cve-ziguang-fileread/blob/main/introduce github.com: https://github.com/luoye197-prog/cve-ziguang-fileread/blob/main/poc.py
Credits
๐ lanmeik (VulDB User)