Medium severity4.3NVD Advisory· Published Apr 17, 2026· Updated Apr 29, 2026

CVE-2026-6487

Description

A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Qihui/jtbc5 CMSllm-create
Range: = 5.0.3.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tcn60zf28jhk.feishu.cn/wiki/CnpvwDdyOi5PXOk8X1fcorudnSvnvd
vuldb.com/submit/786183nvd
vuldb.com/vuln/358028nvd
vuldb.com/vuln/358028/ctinvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000