
CVE-2026-2623: Path Traversal in Blossom

Medium
Published: Tue Feb 17 2026 (02/17/2026, 21:02:39 UTC)
Source: CVE Database V5
Product: Blossom

Description

A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the component File Upload. This manipulation causes path traversal. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 02/17/2026, 22:00:24 UTC

Technical Analysis

CVE-2026-2623 is a path traversal vulnerability in Blossom versions 1.17.0 and 1.17.1, located in the file upload functionality implemented in BLOSManager.java. It arises from insufficient validation or sanitization of file paths during the 'put' operation, which lets an attacker manipulate the file path parameter to reach directories outside the intended upload directory and so read, overwrite, or delete arbitrary files on the server filesystem. The flaw can be exploited remotely, without user interaction, and with only low privileges, which widens the attack surface. It carries a CVSS 4.0 base score of 5.3 (medium), reflecting limited scope and partial impact on confidentiality, integrity, and availability. No patches or vendor responses have been published, and no exploitation has yet been observed in the wild; however, a public exploit exists and could be weaponized. The absence of sandboxing or strict path validation in the affected component exacerbates the risk. Organizations running Blossom 1.17.0 or 1.17.1 should treat this vulnerability as requiring immediate mitigation.

Potential Impact

For European organizations, exploitation of this vulnerability could lead to unauthorized access to sensitive files, modification or deletion of critical data, and potential disruption of services relying on Blossom. This could compromise confidentiality by exposing sensitive information, integrity by allowing unauthorized file modifications, and availability if critical files are deleted or corrupted. Sectors such as finance, healthcare, government, and critical infrastructure that rely on Blossom for backend operations could face operational disruptions and data breaches. The medium severity rating suggests a moderate risk, but the ease of remote exploitation without user interaction increases urgency. Organizations with Blossom deployed in multi-tenant or internet-facing environments are particularly vulnerable to attacks that could lead to lateral movement or privilege escalation within their networks.

Mitigation Recommendations

Since no official patches or vendor responses are available, European organizations should implement immediate compensating controls. These include:
1) Restricting file upload permissions and validating file paths rigorously at the application layer to prevent directory traversal sequences (e.g., '..\' or '../').
2) Employing web application firewalls (WAFs) with rules to detect and block path traversal attempts targeting Blossom endpoints.
3) Running Blossom services with the least privilege necessary, so that the application process cannot write to or modify files outside its designated directories.
4) Monitoring logs for suspicious file upload activity and anomalous file system changes.
5) Isolating Blossom instances in segmented network zones to limit lateral movement if they are compromised.
6) Temporarily disabling file upload features, if feasible, until a patch is released.
7) Engaging in threat intelligence sharing within industry groups to stay updated on exploit developments.
These measures go beyond generic advice by focusing on application-level validation, privilege restriction, and network segmentation tailored to Blossom's architecture.
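As an added illustration of recommendation 1 (this is not Blossom's own BLOSManager code and not a vendor patch), a hypothetical Java upload store that resolves a client-supplied key under a fixed base directory and refuses any key that escapes it, including '..\' sequences, absolute paths, and symlinked parents; the class and method names are assumptions:

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
/** Hypothetical hardened upload store (added example, not Blossom's BLOSManager). */
public final class SafeUploadStore {
    private final Path baseDir;
    public SafeUploadStore(Path baseDir) throws IOException {
        // Canonicalize once so symlinks and ".." in the base itself cannot confuse later checks.
        this.baseDir = baseDir.toRealPath();
    }
    /** Resolve a client-supplied key under baseDir, refusing anything that escapes it. */
    public Path resolveSafely(String clientKey) throws IOException {
        if (clientKey == null || clientKey.isEmpty() || clientKey.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("empty or NUL-containing key");
        }
        // Treat backslashes as separators: on Windows hosts "..\" is a traversal sequence too.
        Path candidate = baseDir.resolve(clientKey.replace('\\', '/')).normalize();
        // Path.startsWith compares whole components, so "/srv/uploads-x" does not pass for "/srv/uploads".
        if (!candidate.startsWith(baseDir)) {
            throw new SecurityException("path traversal rejected: " + clientKey);
        }
        // If the parent already exists, make sure it is not a symlink pointing outside baseDir.
        Path parent = candidate.getParent();
        if (parent != null && Files.exists(parent) && !parent.toRealPath().startsWith(baseDir)) {
            throw new SecurityException("symlinked parent escapes base directory: " + clientKey);
        }
        return candidate;
    }
    /** Hardened put: the key is validated before any filesystem write happens. */
    public void put(String clientKey, InputStream data) throws IOException {
        Path target = resolveSafely(clientKey);
        Files.createDirectories(target.getParent());
        Files.copy(data, target, StandardCopyOption.REPLACE_EXISTING);
    }
    public static void main(String[] args) throws IOException {
        SafeUploadStore store = new SafeUploadStore(Files.createTempDirectory("upload-demo"));
        System.out.println("accepted: " + store.resolveSafely("reports/q1.pdf"));
        // Constructed sample keys that must all be rejected by the checks above.
        for (String bad : new String[] {"../../etc/passwd", "..\\..\\win.ini", "a/../../x", "/etc/passwd"}) {
            try { store.resolveSafely(bad); }
            catch (SecurityException e) { System.out.println("rejected: " + bad); }
        }
    }
}
```

The key point is the component-wise prefix check after normalize(), which rejects any resolved path outside the base directory rather than trying to blocklist individual '..' patterns.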


Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2026-02-17T10:24:12.065Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6994e1f780d747be20dad4b4

Added to database: 2/17/2026, 9:47:35 PM

Last enriched: 2/17/2026, 10:00:24 PM

Last updated: 2/20/2026, 9:23:01 PM
