CVE 9.6 CRITICAL

CVE-2026-36760_CVE-2026-36760

April 30, 2026 invoker category_cve

9.6 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Description

An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled.

AI Analysis

Path traversal vulnerability in JeeSite v5.15.1 allowing authenticated attackers to write arbitrary files to arbitrary filesystem locations

Basic Information

ID CVE-2026-36760

Source mitre

Published Apr 30, 2026 at 00:00

Modified Apr 30, 2026 at 17:50

Affected Product

Vendor thinkgem

Product JeeSite

Version 5.15.1

Affected Versions n/a n/a n/a

CWE Classification

CWE-22

AI Assessment

AI Score 9.6 / 10

AI Severity Critical

Vendor thinkgem

Product JeeSite

Version 5.15.1

References

{
    "lastseen": "",
    "description": "An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled.",
    "published": "2026-04-30T00:00:00.000Z",
    "modified": "2026-04-30T17:50:04.241Z",
    "type": "cve",
    "title": "CVE-2026-36760",
    "source": "mitre",
    "references": "https://github.com/thinkgem/jeesite\nhttps://github.com/thinkgem/jeesite/issues/530",
    "id": "CVE-2026-36760",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.6,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "JeeSite",
    "version": "5.15.1",
    "vendor": "thinkgem",
    "ai_description": "Path traversal vulnerability in JeeSite v5.15.1 allowing authenticated attackers to write arbitrary files to arbitrary filesystem locations",
    "ai_severity": "Critical",
    "ai_vendor": "thinkgem",
    "ai_product": "JeeSite",
    "ai_version": "5.15.1",
    "ai_score": 9.6
}

💭 Join the Security Discussion ❌ Cancel Reply