Metrics
Affected Vendors & Products
Fri, 10 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 10 Jul 2026 04:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project closed the issue as "duplicate" but did not reference any other issue, report, or CVE. | |
| Title | halo-dev halo Theme Installation ThemeUtils.java ThemeUtils.unzipThemeTo path traversal | |
| First Time appeared |
Halo
Halo halo |
|
| Weaknesses | CWE-22 | |
| CPEs | cpe:2.3:a:halo:halo:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Halo
Halo halo |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-10T14:04:36.292Z
Reserved: 2026-07-09T18:20:45.794Z
Link: CVE-2026-15326
Updated: 2026-07-10T14:04:30.374Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-10T12:45:04Z