CVE-2026-2953: Path Traversal in Dromara UJCMS
CVE-2026-2953 is a medium-severity path traversal vulnerability in Dromara UJCMS version 101.2, specifically in the deleteDirectory function of the WebFileTemplateController.delete component. This flaw allows remote attackers with limited privileges to manipulate file paths, potentially accessing or deleting files outside the intended directory. Exploitation does not require user interaction, but it does require a low-privileged account (CVSS PR:L). Although the vendor has not responded and no patches are currently available, public exploit details have been disclosed. The vulnerability impacts confidentiality, integrity, and availability by enabling unauthorized file system access and deletion. Organizations using UJCMS 101.2 should prioritize mitigating this risk to prevent potential data breaches or service disruptions. Countries with significant usage of this CMS or strategic interest in affected sectors are at higher risk.
AI Analysis
Technical Summary
CVE-2026-2953 identifies a path traversal vulnerability in Dromara UJCMS version 101.2, affecting the deleteDirectory function within the WebFileTemplateController.delete component, which is part of the Template Handler module. The vulnerability arises from insufficient validation or sanitization of file path inputs, allowing an attacker to manipulate the path parameter to traverse directories outside the intended scope. This can lead to unauthorized deletion or access of files on the server's filesystem. The attack vector is remote network access, and exploitation requires limited privileges but no user interaction. The vulnerability impacts the confidentiality, integrity, and availability of the system by enabling unauthorized file system operations. The vendor was notified but has not issued a patch or response, and public exploit details have been disclosed, increasing the risk of exploitation. The CVSS 4.0 vector indicates a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and low impact on each of confidentiality, integrity, and availability. No known exploits in the wild have been reported yet. The lack of vendor response and patch availability necessitates immediate mitigation by users of UJCMS 101.2.
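The missing validation described above, as an added example that is not UJCMS code: the vulnerable concatenation pattern beside a hardened helper that canonicalises the supplied path and rejects anything that resolves outside the template base directory. The base directory and function names are illustrative assumptions.

```python
"""Added example, not code from UJCMS: a directory-delete helper that
canonicalises a user-supplied path and refuses anything outside the base
directory. Names and the base directory are illustrative."""
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a supplied path would resolve outside the base directory."""


def unsafe_target(base: str, user_path: str) -> str:
    """The vulnerable pattern: the input is concatenated and used as-is,
    so 'site1/../../conf' walks out of the template directory."""
    return f"{base}/{user_path}"


def resolve_inside(base: str, user_path: str) -> Path:
    """Return the canonical path for user_path beneath base, or raise.

    Both sides are resolved first (collapsing '.', '..' and symlinks) and the
    result must be a strict descendant of base. The comparison is on path
    components, because a string-prefix test would accept
    '/srv/templates_old' as being inside '/srv/templates'.
    """
    base_dir = Path(base).resolve()
    # Joining an absolute user_path discards base, so it resolves outside
    # base_dir and is rejected like any other escape.
    candidate = (base_dir / user_path).resolve()
    if candidate == base_dir:
        raise PathTraversalError("refusing to delete the base directory itself")
    if base_dir not in candidate.parents:
        raise PathTraversalError(f"path escapes base directory: {user_path!r}")
    return candidate


def is_safe(base: str, user_path: str) -> bool:
    """Convenience wrapper: True when resolve_inside accepts the path."""
    try:
        resolve_inside(base, user_path)
    except PathTraversalError:
        return False
    return True
```

The deletion itself (for example shutil.rmtree) should only ever be called on the Path returned by resolve_inside, never on the raw parameter.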
Potential Impact
The vulnerability allows attackers with limited privileges to perform unauthorized file system operations, including deleting or accessing files outside the intended directory structure. This can lead to data loss, unauthorized disclosure of sensitive information, or disruption of service availability. Organizations relying on Dromara UJCMS 101.2 for content management may face compromised system integrity and availability, potentially affecting website functionality and data security. The public disclosure of exploit details increases the likelihood of exploitation attempts, especially in environments where the CMS is exposed to the internet. The impact is heightened in sectors where data confidentiality and service continuity are critical, such as government, finance, and healthcare. Additionally, the absence of vendor patches prolongs exposure and risk.
Mitigation Recommendations
1. Immediately restrict access to the affected deleteDirectory functionality by implementing strict access controls and limiting user privileges to only trusted administrators.
2. Employ web application firewalls (WAFs) with custom rules to detect and block path traversal patterns targeting the deleteDirectory endpoint.
3. Conduct input validation and sanitization at the application level to reject suspicious path parameters, especially those containing directory traversal sequences like '../'.
4. Isolate the CMS environment using containerization or sandboxing to limit the impact of potential exploitation.
5. Regularly back up critical data and configuration files to enable recovery in case of unauthorized deletions.
6. Monitor logs for unusual file system access or deletion activities related to the Template Handler component.
7. Engage with the vendor or community to track patch releases or official mitigations.
8. Consider upgrading to a newer, unaffected version of UJCMS once available or applying community-developed patches if official fixes remain unavailable.
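Detection logic for recommendations 2 and 6, as an added example that is not part of this advisory or the UJCMS project: it scans access-log lines for directory-traversal sequences in the request target after percent-decoding, which is what a WAF rule or log monitor for the deleteDirectory endpoint would key on. The log lines are constructed and the endpoint path is a placeholder, since the advisory does not give the real route.

```python
"""Added example, not advisory or UJCMS code: flag access-log requests whose
decoded target contains directory traversal. Lines and endpoint are made up."""
import re
from urllib.parse import unquote

# Placeholder: the advisory does not give the real UJCMS route.
DELETE_ENDPOINT = "/placeholder/web-file-template/delete"
# Combined-log-format prefix: client, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) '
                    r'(?P<target>\S+) [^"]*" (?P<status>\d{3})')
# '..' followed by a separator or end of string, checked after decoding.
TRAVERSAL_RE = re.compile(r"\.\.(/|$)")

def decode_fully(text: str, rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded input is not missed."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def find_traversal_attempts(lines):
    """One record per request whose decoded, '/'-normalised target has '..'."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not an access-log line
        target = decode_fully(match["target"]).replace("\\", "/")
        if TRAVERSAL_RE.search(target):
            hits.append({"ip": match["ip"], "target": match["target"],
                         "status": match["status"],
                         "on_delete_endpoint": target.startswith(DELETE_ENDPOINT)})
    return hits

# Constructed sample: a benign delete, two encoded attempts on the delete
# endpoint (the second double-encoded), a static asset, and one elsewhere.
SAMPLE_LOG = [
    '10.0.0.5 - - [22/Feb/2026:14:10:01 +0000] "POST /placeholder/web-file-template/delete?dir=site1%2Fold HTTP/1.1" 200',
    '10.0.0.9 - - [22/Feb/2026:14:10:07 +0000] "POST /placeholder/web-file-template/delete?dir=..%2F..%2Fconfig HTTP/1.1" 200',
    '10.0.0.9 - - [22/Feb/2026:14:10:09 +0000] "POST /placeholder/web-file-template/delete?dir=%252e%252e%252fdata HTTP/1.1" 403',
    '10.0.0.7 - - [22/Feb/2026:14:11:00 +0000] "GET /static/css/main.css HTTP/1.1" 200',
    '10.0.0.9 - - [22/Feb/2026:14:11:30 +0000] "GET /uploads/..%5c..%5cweb.xml HTTP/1.1" 404',
]
```

A hit with status 200 on the delete endpoint is the case worth paging on; a 403 from the WAF still shows who is probing and is worth correlating by client address.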
Affected Countries
China, United States, Germany, India, Brazil, Russia, South Korea, Japan, France, United Kingdom
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-21T21:11:08.662Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 699b0fe9be58cf853b4f96d8
Added to database: 2/22/2026, 2:17:13 PM
Last enriched: 2/22/2026, 2:31:31 PM
Last updated: 2/22/2026, 4:41:30 PM