CVE-2026-6620

SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal

CVSS 5.3 MEDIUMEPSS 0.3%CWE-22

A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Produtos afetados

SonicCloudOrg · sonic-server

PoCs públicas encontradas — 1

cve_referencegithub.com/ccccccctiiiiiiii-lab/public_exp/issues/2não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/2 https://vuldb.com/submit/792336 https://vuldb.com/vuln/358255 https://vuldb.com/vuln/358255/cti