CVE-2026-36762
Path Traversal in JeeSite File Upload via fileEntityId Parameter
Publication date: 2026-04-30
Last updated on: 2026-05-04
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| thinkgem | jeesite | up to 5.15.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-36762 is a path traversal vulnerability in the JeeSite web application, specifically in version 5.15.1 and earlier. It occurs in the /a/file/upload endpoint where the fileEntityId parameter is not properly sanitized. Authenticated attackers with file upload permissions can exploit this flaw to write files with allowed extensions (such as .jar, .apk, .zip) to arbitrary locations on the filesystem by using path traversal sequences like ../../../../ in the fileEntityId parameter.
The vulnerability arises because the application concatenates the user-controlled fileEntityId parameter directly with the base directory path without validation, allowing attackers to escape the intended directory and place files anywhere on the server.
How can this vulnerability impact me?
This vulnerability can have serious impacts because it allows attackers to write arbitrary files to any location on the server where the application runs. For example, an attacker could upload a malicious JAR file to sensitive directories such as /webapps/ROOT/WEB-INF/lib/, potentially leading to Remote Code Execution (RCE). This means the attacker could execute arbitrary code on the server, compromising the system's integrity, confidentiality, and availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and testing the `/a/file/upload` endpoint for improper handling of the `fileEntityId` parameter. Specifically, attempts to include path traversal sequences such as `../` in the `fileEntityId` parameter during authenticated file upload requests can indicate the presence of the vulnerability.
You can use commands like curl to test the endpoint by sending authenticated POST requests with crafted `fileEntityId` values containing path traversal patterns. For example:
- `curl -X POST -F "fileEntityId=../../../../etc/passwd" -F "<upload-field>=@<local-file>" https://your-jeesite-domain/a/file/upload -b cookies.txt`
- Check server logs and filesystem locations for unexpected file writes outside the intended upload directory, especially files with whitelisted suffixes such as `.jar`, `.apk`, or `.zip`.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include sanitizing the `fileEntityId` parameter to remove or block path traversal sequences such as `..` before processing any file upload requests.
Additionally, restrict file upload permissions to trusted users only and monitor file upload activities closely.
Upgrading to a later, patched version of JeeSite where this issue has been addressed is strongly recommended.
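The fix the mitigation paragraph describes, shown as an added Java illustration (not JeeSite's own code): the unchecked concatenation the advisory describes next to a hardened variant that rejects traversal markers in `fileEntityId` and then enforces containment on the normalised path. The base directory, class and method names are assumptions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

/* Added illustration of the mitigation; not JeeSite's code.
 * Base directory, class and method names are assumed. */
public class UploadPathCheck {

    // Pattern described in the advisory: the caller-supplied id is joined
    // to the base directory with no validation, so "../" segments escape it.
    static String unsafeTarget(String baseDir, String fileEntityId, String fileName) {
        return baseDir + "/" + fileEntityId + "/" + fileName;
    }

    // Hardened variant: treat the id as an opaque identifier, normalise the
    // resolved path, and require it to remain under the canonical base.
    static Path safeTarget(String baseDir, String fileEntityId, String fileName) {
        Path base = Paths.get(baseDir).toAbsolutePath().normalize();
        // An entity id is a plain identifier, never a path: reject ".."
        // and both separator styles outright.
        if (fileEntityId == null || fileEntityId.isEmpty()
                || fileEntityId.contains("..") || fileEntityId.contains("/")
                || fileEntityId.contains("\\")) {
            throw new IllegalArgumentException("invalid fileEntityId");
        }
        Path target = base.resolve(fileEntityId).resolve(fileName).normalize();
        // Containment is the authoritative control: it also catches an
        // absolute or traversing fileName, which resolve() would honour.
        if (!target.startsWith(base)) {
            throw new IllegalArgumentException("path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        String base = "/srv/jeesite/userfiles"; // assumed base directory
        System.out.println(unsafeTarget(base, "../../../../tmp", "x.jar"));
        System.out.println(safeTarget(base, "1234567890", "x.jar"));
        try {
            safeTarget(base, "../../../../tmp", "x.jar");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The first print shows the unnormalised string the vulnerable pattern would hand to the filesystem; the hardened variant returns a path under the base directory or throws.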
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in JeeSite allows authenticated attackers with file upload permissions to perform path traversal and write arbitrary files to the filesystem, potentially leading to unauthorized file modification or remote code execution.
Such unauthorized access and potential system compromise could lead to violations of common compliance standards and regulations like GDPR and HIPAA, which require strict controls over data integrity, confidentiality, and system security.
If exploited, this vulnerability could result in unauthorized access to sensitive data or disruption of system operations, thereby impacting an organization's ability to meet regulatory requirements for protecting personal or health information.