CVE-2026-2953: Path Traversal in Dromara UJCMS
A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation leads to path traversal. The attack may be performed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2026-2953 is a path traversal vulnerability identified in Dromara UJCMS version 101.2, affecting the deleteDirectory function within the WebFileTemplateController.delete component of the Template Handler module. The vulnerability arises from insufficient validation of user-supplied input in the file path parameter, allowing an attacker to traverse directories and delete files or directories outside the intended directory scope. This can lead to unauthorized deletion of critical files, impacting system integrity and availability. The attack can be performed remotely without user interaction and requires low privileges, making exploitation relatively straightforward. The vendor was informed early but has not responded or released a patch, and exploit details have been publicly disclosed, increasing the risk of exploitation. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and partial impact on integrity and availability (VI:L, VA:L). No known exploits are currently active in the wild, but the public disclosure raises the likelihood of future attacks. The vulnerability does not affect confidentiality directly but poses a significant risk to system stability and data integrity. Organizations relying on UJCMS 101.2 should assess exposure and implement compensating controls until a patch is available.
Potential Impact
The primary impact of CVE-2026-2953 is unauthorized deletion of files or directories on systems running Dromara UJCMS 101.2, which can disrupt web services, cause data loss, and degrade system availability. Attackers exploiting this vulnerability can manipulate file paths to delete critical application or system files, potentially leading to denial of service or forcing costly recovery efforts. Although confidentiality is not directly compromised, the integrity and availability of affected systems are at risk. Organizations with public-facing UJCMS installations are particularly vulnerable to remote attacks without user interaction. The lack of vendor response and patch increases the window of exposure, raising the risk of exploitation by opportunistic attackers or automated scanning tools. This can result in operational downtime, reputational damage, and financial losses, especially for businesses relying heavily on UJCMS for content management and web operations.
Mitigation Recommendations
1. Immediately restrict access to the deleteDirectory function by implementing strict access controls, limiting it to trusted administrators only.
2. Employ web application firewalls (WAFs) with custom rules to detect and block path traversal patterns in HTTP requests targeting the vulnerable endpoint.
3. Monitor server logs and application activity for unusual deletion requests or anomalies related to file operations.
4. If feasible, disable or remove the vulnerable Template Handler component until a patch is available.
5. Implement input validation and sanitization at the application level to reject suspicious path inputs, such as those containing '../' sequences.
6. Maintain regular backups of critical data and configuration files to enable rapid recovery in case of successful exploitation.
7. Engage with the vendor or community to track patch releases or security advisories and apply updates promptly once available.
8. Consider isolating UJCMS installations in segmented network zones to reduce exposure to external threats.
9. Conduct penetration testing and vulnerability scanning focused on path traversal to identify and remediate similar issues proactively.
Affected Countries
China, United States, Germany, India, Brazil, Russia, South Korea, Japan, United Kingdom, France
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-21T21:11:08.662Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 699b0fe9be58cf853b4f96d8
Added to database: 2/22/2026, 2:17:13 PM
Last enriched: 3/2/2026, 6:10:00 AM
Last updated: 4/8/2026, 7:55:47 PM