CVE-2026-6815

MEDIUM 5.9

CVE-2026-6815

CVSS Score

5.9

EPSS Score

0.0%

EPSS Percentile

9th

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem, bypassing the application's intended storage sandbox.

Vendor	casdoor
Product	casdoor
Published	May 11, 2026
Last Updated	May 13, 2026

Stay Ahead of the Next One

Get instant alerts for casdoor casdoor

Be the first to know when new medium vulnerabilities affecting casdoor casdoor are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Casdoor / Casdoor

0 ≤ v2.328.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

kb.cert.org: https://kb.cert.org/vuls/id/937808 kb.cert.org: https://www.kb.cert.org/vuls/id/937808