Vulnerability Description
A vulnerability was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). The affected element is an unknown function of the file /Using/Subject/downLoad.html. Performing a manipulation of the argument path results in path traversal. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Unigroup | Electronic Archives System | <= 3.2.210802\(62532\) |
Related Weaknesses (CWE)
References
- https://github.com/luoye197-prog/cve-ziguang-fileread3/blob/main/introduceBroken Link
- https://github.com/luoye197-prog/cve-ziguang-fileread3/blob/main/poc.pyBroken Link
- https://vuldb.com/?ctiid.346474Permissions RequiredVDB Entry
- https://vuldb.com/?id.346474Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.753418Third Party AdvisoryVDB Entry
FAQ
What is CVE-2026-2683?
CVE-2026-2683 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). The affected element is an unknown function of the file /Using/Subject/downLoad.html. Performing a manipula...
How severe is CVE-2026-2683?
CVE-2026-2683 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-2683?
Check the references section above for vendor advisories and patch information. Affected products include: Unigroup Electronic Archives System.