ZenTao Editor control.php delete path traversal_CVE-2026-2552

5.1 / 10

MEDIUM

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

Description

A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 21.7.9 can resolve this issue. The affected component should be upgraded.

Basic Information

ID CVE-2026-2552

Source VulDB

Published Feb 16, 2026 at 11:02

Affected Product

Vendor n/a

Product ZenTao

Version 21.7.0

Affected Versions n/a ZenTao 21.7.0
n/a ZenTao 21.7.1
n/a ZenTao 21.7.2
n/a ZenTao 21.7.3
n/a ZenTao 21.7.4
n/a ZenTao 21.7.5
n/a ZenTao 21.7.6
n/a ZenTao 21.7.7
n/a ZenTao 21.7.8

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 21.7.9 can resolve this issue. The affected component should be upgraded.",
    "published": "2026-02-16T11:02:05.938Z",
    "modified": "2026-02-16T11:02:05.938Z",
    "type": "cve",
    "title": "ZenTao Editor control.php delete path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.346161\nhttps://vuldb.com/?ctiid.346161\nhttps://vuldb.com/?submit.749985\nhttps://github.com/ez-lbz/ez-lbz.github.io/issues/11\nhttps://github.com/ez-lbz/ez-lbz.github.io/issues/11#issuecomment-3876278793",
    "id": "CVE-2026-2552",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "n/a ZenTao 21.7.0\nn/a ZenTao 21.7.1\nn/a ZenTao 21.7.2\nn/a ZenTao 21.7.3\nn/a ZenTao 21.7.4\nn/a ZenTao 21.7.5\nn/a ZenTao 21.7.6\nn/a ZenTao 21.7.7\nn/a ZenTao 21.7.8",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ZenTao",
    "version": "21.7.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}