CVE-2026-6815
published 2026-05-11

Priority: P3 (41) | medium | 5.9 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EXPLOIT EPSS: 0.51% (39.8th percentile)

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem, bypassing the application's intended storage sandbox.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
casbin | casdoor | <= 2.328.0 |
casdoor | casdoor | <= v2.328.0 |