CVE-2026-2623: Path Traversal in Blossom
A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the component File Upload. This manipulation causes path traversal. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2026-2623 is a path traversal vulnerability in Blossom affecting releases up to and including 1.17.1. The flaw sits in the put method of BLOSManager.java, the object-storage layer behind the File Upload component. Path traversal arises when a caller-supplied path is joined onto a storage root without being canonicalised and checked, so segments such as ../ (or their URL-encoded forms) walk the final path out of the intended directory. Because the affected function is the write path, the primary primitive is an upload that lands outside the storage root: an attacker can craft an upload request that places or overwrites files wherever the Blossom service account has write access. The published CVSS 4.0 vector indicates network exploitability (AV:N) with low attack complexity (AC:L), no user interaction (UI:N) and low privileges (PR:L), meaning the attacker needs a low-privileged Blossom account but nothing more. Impact on confidentiality, integrity and availability is rated low but present, since an out-of-root write can leak or corrupt data and disrupt the service. The vendor was contacted and did not respond, no official patch has been released, and a public exploit exists, which raises the urgency of applying mitigations or workarounds.
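The pattern described above, shown as an added Python example rather than Blossom's own Java code: a naive put that joins the caller-supplied object name straight onto the storage root, beside a hardened put that canonicalises the final path and refuses anything that resolves outside the root. The storage layout, function names and hostile object names are constructed for the illustration; nothing here is taken from the Blossom source.

```python
import tempfile
from pathlib import Path

# Constructed layout for this example: an outer scratch directory with the
# object store underneath it. Blossom's real storage root is not known from
# the advisory, so the escape below only lands in the scratch directory.
OUTER = Path(tempfile.mkdtemp(prefix="blos-demo-")).resolve()
BASE = OUTER / "store"
BASE.mkdir()


def unsafe_put(name: str, data: bytes) -> Path:
    """Vulnerable pattern: the caller-controlled object name is joined straight
    onto the storage root. '../' segments walk out of BASE and an absolute
    name replaces BASE entirely, because pathlib does not collapse '..'."""
    target = BASE / name
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target


def safe_put(name: str, data: bytes) -> Path:
    """Hardened pattern: canonicalise the final path and require it to stay
    inside BASE. The check rejects rather than 'cleans' the name, so doubled
    or encoded sequences cannot be massaged back into a traversal."""
    if not name or "\x00" in name:
        raise ValueError("empty object name or NUL byte")
    # Treat backslashes as separators so '..\\..' is judged as traversal rather
    # than stored as an odd file name (matters if the store is ever on Windows).
    candidate = (BASE / name.replace("\\", "/")).resolve()
    # resolve() follows symlinks and collapses '..'; a parent-directory check on
    # the resolved path is what makes this safe. A string prefix test would not
    # be: 'store2' starts with 'store'.
    if BASE not in candidate.parents:
        raise ValueError(f"object name escapes storage root: {name!r}")
    candidate.parent.mkdir(parents=True, exist_ok=True)
    candidate.write_bytes(data)
    return candidate


def _rejected(name: str) -> bool:
    """True if safe_put refuses the name, False if it wrote the file."""
    try:
        safe_put(name, b"pwned")
        return False
    except ValueError:
        return True


def demo() -> dict:
    """Run both variants against benign and hostile names; returns what each did."""
    results = {}
    results["benign_unsafe"] = unsafe_put("docs/a.txt", b"ok").relative_to(BASE).as_posix()
    results["benign_safe"] = safe_put("docs/b.txt", b"ok").relative_to(BASE).as_posix()
    # The vulnerable put happily writes one level above the storage root.
    escaped = unsafe_put("../escaped.txt", b"pwned").resolve()
    results["traversal_unsafe_inside_base"] = BASE in escaped.parents
    results["traversal_unsafe_landed_in_outer"] = escaped == OUTER / "escaped.txt"
    # The hardened put refuses plain, nested and absolute escapes alike.
    results["traversal_safe_rejected"] = _rejected("../escaped2.txt")
    results["nested_safe_rejected"] = _rejected("docs/../../escaped3.txt")
    results["absolute_safe_rejected"] = _rejected("/tmp/absolute.txt")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The containment test is done on the resolved path, not on the raw string, so symlinks inside the store and segments like docs/../../ are judged after the OS has collapsed them. Any equivalent in Java (for example comparing a normalised absolute Path against the storage root with startsWith on Path objects, not Strings) gives the same property.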
Potential Impact
The path traversal in Blossom's upload path lets an authenticated low-privileged user write files to locations outside the intended storage root, anywhere the Blossom service account can write. Overwriting configuration files, scripts or application assets can disrupt the service or turn into further compromise, such as persistence or privilege escalation; whether uploaded content can also be read back from outside the root depends on how stored objects are served, so treat read access as possible rather than confirmed. Exploitation needs no user interaction and only a low-privileged account, so any internet-reachable instance that allows self-registration or has weak account hygiene is at meaningful risk. The medium CVSS 4.0 score (5.3) reflects low-rated impact on each of confidentiality, integrity and availability combined with easy exploitation. Organisations using Blossom for business-critical data may face service disruption, data exposure or compliance consequences if it is exploited. With no vendor response and no patch, the window of exposure is open-ended, which makes timely mitigation essential.
Mitigation Recommendations
1. Immediately restrict access to Blossom file upload interfaces to trusted networks and known, authenticated users; since the flaw needs only a low-privileged account, also disable self-registration and review existing accounts.
2. Add web application firewall (WAF) rules that block traversal patterns in upload requests. Match on the decoded request, not just the literal '../' string: single and double URL encoding (%2e%2e%2f, %252e%252e%252f) and backslash variants (..\) must be caught as well, or the rule is trivially bypassed.
3. Validate and sanitise the object name at the application or proxy layer before it reaches Blossom: canonicalise the final path and reject any name that resolves outside the storage root, rather than stripping '../' sequences and continuing.
4. Monitor web server and Blossom logs for upload requests whose object names contain traversal segments (in any encoding) and for files appearing outside the storage directory.
5. Where possible, isolate Blossom instances in segmented network zones and run the service under a dedicated account with write access only to its storage directory, so an out-of-root write has little to hit.
6. Consider disabling or restricting the vulnerable file upload functionality until a vendor patch or official fix is available.
7. Keep backups of critical data and configurations to enable recovery from file tampering.
8. Track the vendor and community for updates or unofficial patches and apply them promptly once available; an upstream fix that canonicalises and bounds the path in BLOSManager.put is the only complete remediation.
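Detection logic for items 2 and 4, as an added Python example that is not part of the original page: it scans constructed Nginx-style access-log lines for traversal in the upload object name and compares a literal '../' match against a check that percent-decodes the request (bounded, until stable) and normalises backslashes first. The upload endpoint /blossom/upload and the name query parameter are assumptions for the illustration; Blossom's real routes are not given in the advisory.

```python
import re
from urllib.parse import unquote

# Constructed sample access log (Nginx combined format). These are not real
# Blossom logs; the endpoint and parameter name are hypothetical.
SAMPLE_LOG = """\
10.0.0.5 - - [17/Feb/2026:21:47:35 +0000] "PUT /blossom/upload?name=notes/2026.md HTTP/1.1" 200 12
10.0.0.9 - - [17/Feb/2026:21:48:01 +0000] "PUT /blossom/upload?name=../../etc/cron.d/x HTTP/1.1" 200 12
10.0.0.9 - - [17/Feb/2026:21:48:07 +0000] "PUT /blossom/upload?name=..%2F..%2Fetc%2Fcron.d%2Fx HTTP/1.1" 200 12
10.0.0.9 - - [17/Feb/2026:21:48:12 +0000] "PUT /blossom/upload?name=%252e%252e%252fbin HTTP/1.1" 200 12
10.0.0.9 - - [17/Feb/2026:21:48:20 +0000] "PUT /blossom/upload?name=..\\..\\win.ini HTTP/1.1" 200 12
10.0.0.7 - - [17/Feb/2026:21:49:00 +0000] "GET /blossom/docs/a..b.md HTTP/1.1" 200 12
"""

# Request line inside the quoted part of a combined-format entry.
LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# A '..' that forms a whole path segment: preceded by start of string, a
# separator, or a query delimiter, and followed by a separator or end.
# 'a..b.md' does not match, so ordinary file names are not flagged.
TRAVERSAL_RE = re.compile(r'(?:^|[/?=&])\.\.(?:[/?&#]|$)')


def fully_decode(s: str, rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so single-
    and double-encoded sequences are compared in the form the application
    eventually sees."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def naive_rule(target: str) -> bool:
    """The literal '../' match that a simplistic WAF rule implements."""
    return "../" in target


def is_traversal(target: str) -> bool:
    """Decode, treat backslashes as separators, then look for a '..' segment."""
    decoded = fully_decode(target).replace("\\", "/")
    return TRAVERSAL_RE.search(decoded) is not None


def scan(log_text: str) -> dict:
    """Return the 1-based line numbers each rule flags."""
    naive, decoded = [], []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.search(line)
        if not m:
            continue
        target = m.group("target")
        if naive_rule(target):
            naive.append(n)
        if is_traversal(target):
            decoded.append(n)
    return {"naive": naive, "decoded": decoded}


if __name__ == "__main__":
    for rule, hits in scan(SAMPLE_LOG).items():
        print(f"{rule}: lines {hits}")
```

On the sample the literal rule flags only line 2, while the decoding rule flags lines 2 through 5 and leaves the benign a..b.md request alone. The same decode-then-match logic belongs in the proxy-side validation of item 3; the bounded decode loop matters because a rule that decodes exactly once still misses the double-encoded form on line 4.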
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, India, Australia, Canada, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-17T10:24:12.065Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6994e1f780d747be20dad4b4
Added to database: 2/17/2026, 9:47:35 PM
Last enriched: 2/24/2026, 11:22:01 PM
Last updated: 4/6/2026, 8:19:45 AM