What is the severity of CVE-2026-22786?

CVE-2026-22786 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2026-22786?

No known public exploits are currently available for CVE-2026-22786.

Is there a patch available for CVE-2026-22786?

Yes, patches are available for CVE-2026-22786. Check the vendor advisories for update instructions.

CVE-2026-22786 - CVE Details, Severity, and Analysis

Severity Scores

CVSS v30.0

CVSS v20.0

Priority Score0.0

EPSS Score0.0

None

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

0.0

CVSS

No

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Impact

Gin-vue-admin <= v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory.

Path traversal vulnerabilities occur when a web application accepts user-supplied file paths without proper validation, allowing attackers to access or write files outside the intended directory. In the breakpoint_continue.go file, the MakeFile function accepts a fileName parameter through the /fileUploadAndDownload/breakpointContinueFinish API endpoint and directly concatenates it with the base directory path (./fileDir/) using os.OpenFile() without any validation for directory traversal sequences (e.g., ../).

Notably, while the related makeFileContent function in the same file properly validates the fileName parameter by checking for .. sequences, the MakeFile function lacks this security control, indicating an inconsistent security implementation.

An attacker with file upload privileges (role ID 888 - super administrator) could exploit this vulnerability by:

First uploading file chunks through the /fileUploadAndDownload/breakpointContinue endpoint (which has proper validation)

Then calling the /fileUploadAndDownload/breakpointContinueFinish endpoint with a malicious fileName parameter containing path traversal sequences (e.g., ../../../tmp/malicious.txt)

This could lead to: Arbitrary file creation, application process, Configuration file overwriting, Potential Remote Code Execution......

POC

Use this endpoint to upload any files(include *name or *file types)
<img width="1429" height="788" alt="Clipboard_Screenshot_1767755216" src="https://github.com/user-attachments/assets/516022d6-32af-4810-abd9-945cb0bc5ae5" />
Then, the filename parameter here uses ../ to traverse to an arbitrary path.
<img width="1445" height="306" alt="Clipboard_Screenshot_1767755256" src="https://github.com/user-attachments/assets/577aa1c1-9b26-4082-b431-f9dac1cdc307" />
Proof
<img width="837" height="843" alt="Clipboard_Screenshot_1767755312" src="https://github.com/user-attachments/assets/66f51049-8dc8-4c94-994e-a6d8bc1196a9" />

Patches

Please wait for the latest patch

CVSS v3 Breakdown

Attack Vector:-

Attack Complexity:-

Privileges Required:-

User Interaction:-

Scope:-

Confidentiality:-

Integrity:-

Availability:-

Patch References

Github.com