CVE-2026-15326 - CERT CVE
ID CVE-2026-15326
Sažetak A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project closed the issue as "duplicate" but did not reference any other issue, report, or CVE.
Reference
CVSS
Base: 4.7
Impact: 4.9
Exploitability:6.4
Pristup
VektorSloženostAutentikacija
NETWORK LOW MULTIPLE
Impact
PovjerljivostCjelovitostDostupnost
NONE PARTIAL PARTIAL
CVSS vektor AV:N/AC:L/Au:M/C:N/I:P/A:P
Zadnje važnije ažuriranje 10-07-2026 - 15:43
Objavljeno 10-07-2026 - 04:17