CVE-2026-6815
Analyzed Analyzed - Analysis Complete
Arbitrary File Write via Path Traversal in Casdoor

Publication date: 2026-05-11

Last updated on: 2026-06-01

Assigner: CERT/CC

Description
An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem, bypassing the application's intended storage sandbox.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-06-01
Generated
2026-06-21
AI Q&A
2026-05-11
EPSS Evaluated
2026-06-20
NVD
CVE-2026-6815
EUVD
EUVD-2026-29080
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
casbin casdoor to 2.328.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows an authenticated attacker with administrative privileges to perform arbitrary file writes anywhere on the host filesystem, potentially overwriting critical files such as the backend database. This can lead to disruption of authentication services and possibly full host compromise.

Such a compromise could result in unauthorized access to sensitive data or system controls, which may violate common standards and regulations like GDPR or HIPAA that require protection of personal and health information, secure authentication, and system integrity.

Mitigations such as restricting administrative access, limiting filesystem permissions, or disabling vulnerable components are recommended to reduce the risk of non-compliance due to this vulnerability.

Executive Summary

CVE-2026-6815 is an arbitrary file write vulnerability in Casdoor's Local File System storage provider. It occurs because the system does not properly sanitize user-supplied file paths during uploads.

An authenticated attacker with administrative privileges can exploit this vulnerability by performing a Path Traversal attack, using directory traversal sequences (like ../../) to escape the intended storage directory.

This allows the attacker to create or overwrite arbitrary files anywhere on the host filesystem where the Casdoor process has write permissions, bypassing the application's intended storage sandbox.

Impact Analysis

This vulnerability can have serious impacts including the ability for an attacker to overwrite critical files on the host system.

For example, an attacker could overwrite Casdoor’s backend database (casdoor.db), disrupting authentication services.

Such disruption could lead to denial of service or potentially full host compromise if the attacker gains control over important system files.

Detection Guidance

Detection of this vulnerability involves monitoring for unauthorized or suspicious file writes outside the intended storage directory of Casdoor's Local File System provider. Since exploitation uses directory traversal sequences (e.g., ../../) during file uploads, inspecting logs for such patterns can help identify attempts.

Commands to detect potential exploitation attempts include searching Casdoor upload logs or filesystem audit logs for directory traversal patterns or unexpected file modifications.

  • grep -r '\.\./' /path/to/casdoor/logs
  • auditctl -w /path/to/casdoor/storage -p wa -k casdoor_monitor
  • ausearch -k casdoor_monitor

Additionally, monitoring for unexpected changes to critical files such as casdoor.db can indicate exploitation.

Mitigation Strategies

Immediate mitigation steps include restricting administrative access to Casdoor to trusted users only, limiting filesystem permissions for the Casdoor service account to prevent writing outside the intended directories, and disabling the Local File System storage provider if it is not essential.

Applying any available patches or updates that address this vulnerability as soon as possible is also critical.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6815. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart