CVE-2026-6815
Possible ATT&CK Techniques 3AI
T1059 · Command and Scripting Interpreter T1562 T1565.001 · Stored Data ManipulationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-6815
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CVE-2026-6815
Source: NVD (National Vulnerability Database)
Vulnerability Description
An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem, bypassing the application's intended storage sandbox.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Casdoor 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Casdoor是Casdoor开源的一个支持多种身份验证和授权协议的开源平台。 Casdoor存在安全漏洞,该漏洞源于路径清理不足,可能导致具有管理员权限的经过身份验证的攻击者进行路径遍历攻击,在主机文件系统上创建或覆盖任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-6815
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-6815
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-6815 (1)
IV. Related Vulnerabilities
Same product: Casdoor
- CVE-2026-5469
Casdoor Webhook URL server-side request forgery - CVE-2026-5468
Casdoor dangerouslySetInnerHTML cross site scripting - CVE-2026-5467
Casdoor OAuth Authorization Request redirect - CVE-2025-4210
Casdoor SCIM User Creation Endpoint scim.go HandleScim autho - CVE-2024-41658
GHSL-2024-036: Reflected XSS in QrCodePage.js
V. Comments for CVE-2026-6815
No comments yet