CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-2552

A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 21.7.9 can resolve this issue. The affected component should be upgraded.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.7%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 5.2

References

https://github.com/ez-lbz/ez-lbz.github.io/issues/11
https://github.com/ez-lbz/ez-lbz.github.io/issues/11#issuecomment-3876278793
https://vuldb.com/?ctiid.346161
https://vuldb.com/?id.346161
https://vuldb.com/?submit.749985
https://github.com/ez-lbz/ez-lbz.github.io/issues/11

Products affected by CVE-2026-2552

Zentao » Zentao » Version: 21.7.6

cpe:2.3:a:zentao:zentao:21.7.6
Zentao » Zentao » Version: 21.7.7

cpe:2.3:a:zentao:zentao:21.7.7
Zentao » Zentao » Version: 21.7.8

cpe:2.3:a:zentao:zentao:21.7.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-2552

Products

Pricing

Contact Us