CVE 8.8 HIGH

CVE-2026-36762_CVE-2026-36762

May 4, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations.

AI Analysis

Path traversal vulnerability in JeeSite v5.15.1 allowing authenticated attackers to write arbitrary files to arbitrary filesystem locations

Basic Information

ID CVE-2026-36762

Source mitre

Published Apr 30, 2026 at 00:00

Modified May 4, 2026 at 17:52

Affected Product

Vendor thinkgem

Product JeeSite

Version 5.15.1

Affected Versions n/a n/a n/a

CWE Classification

CWE-22

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor thinkgem

Product JeeSite

Version 5.15.1

References

{
    "lastseen": "",
    "description": "An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations.",
    "published": "2026-04-30T00:00:00.000Z",
    "modified": "2026-05-04T17:52:55.835Z",
    "type": "cve",
    "title": "CVE-2026-36762",
    "source": "mitre",
    "references": "https://github.com/thinkgem/jeesite\nhttps://github.com/thinkgem/jeesite/issues/529",
    "id": "CVE-2026-36762",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "JeeSite",
    "version": "5.15.1",
    "vendor": "thinkgem",
    "ai_description": "Path traversal vulnerability in JeeSite v5.15.1 allowing authenticated attackers to write arbitrary files to arbitrary filesystem locations",
    "ai_severity": "High",
    "ai_vendor": "thinkgem",
    "ai_product": "JeeSite",
    "ai_version": "5.15.1",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply