Description

An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled.

INFO

Published Date :

2026-04-30T00:00:00.000Z

Last Modified :

2026-04-30T17:50:04.241Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2026-36760 vulnerability.

Vendors Products
Thinkgem
  • Jeesite
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-36760.

URL Resource
https://github.com/thinkgem/jeesite cve-icon cve-icon
https://github.com/thinkgem/jeesite/issues/530 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System