CVE-2026-6620

SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal

CVSS 5.3 MEDIUMEPSS 0.3%CWE-22

A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

SonicCloudOrg · sonic-server

PoCs públicas encontradas — 1

cve_referencegithub.com/ccccccctiiiiiiii-lab/public_exp/issues/2no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/2 https://vuldb.com/submit/792336 https://vuldb.com/vuln/358255 https://vuldb.com/vuln/358255/cti