Medium severity5.9NVD Advisory· Published May 11, 2026· Updated Jun 1, 2026
CVE-2026-6815
CVE-2026-6815
Description
An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem, bypassing the application's intended storage sandbox.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- kb.cert.org/vuls/id/937808nvdThird Party AdvisoryVDB Entry
- www.kb.cert.org/vuls/id/937808nvdThird Party AdvisoryVDB Entry
News mentions
1- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and MoreThe Hacker News · May 18, 2026