CVE-2026-36762 | THREATINT

Description

An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations.

PUBLISHED Reserved 2026-04-06 | Published 2026-04-30 | Updated 2026-05-04 | Assigner mitre

References

github.com/thinkgem/jeesite/issues/529 exploit

github.com/thinkgem/jeesite

github.com/thinkgem/jeesite/issues/529

cve.org (CVE-2026-36762)

nvd.nist.gov (CVE-2026-36762)

Download JSON