CVE-2026-6815
Title: Casdoor Arbitrary File Write via Path Traversal
Arbitrary File Access
Proof Of Concept
PoC Available for CVE-2026-6815
CWE Category
NVD-CWE-noinfo
Published Date
May 11, 2026
Modified Date
Jun 01, 2026
Exploit Status
Available
Score
5.9
CVSS v
Exploit Probability (EPSS)
0.51%
Vulnerability Summary
CVE-2026-6815: An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem, bypassing the application's intended storage sandbox.
Impacted Vendors
Reference Links
CVSS v3.1
Source Entity
134c704f-9b21-4f2e-91b3-4a467353bcc0
Severity
MEDIUM
5.9
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2026-6815 Exploits & PoCs (Proof Of Concept)
Exploit-DB
https://www.exploit-db.com/exploits/52584
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data updated via NVD.
Attack Vector Matrix
Access Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
CVSS Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Stack
No specific products linked.