CVE-2026-36762

· NIST NVD ↗

An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations.

HIGH
CVSS severity
8.8
CVSS base score
2026-04-30
Published

CWE codes

CWE-22

Sources