CVE-2026-3795: Path Traversal in doramart DoraCMS
A security flaw has been discovered in doramart DoraCMS 3.0.x. The affected code is the function createFileBypath in the file /DoraCMS/server/app/router/api/v1.js. Manipulating the function's input results in path traversal. The attack can be initiated remotely. An exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2026-3795 is a path traversal vulnerability in DoraCMS 3.0.x, a Node.js content management system. The flaw is in the createFileBypath function in /DoraCMS/server/app/router/api/v1.js. The function does not adequately validate the user-supplied path of the file it is asked to create, so an attacker can include traversal sequences such as ../ and have the file written outside the intended directory. The CVSS 4.0 vector published with the advisory indicates network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and low impact on confidentiality, integrity and availability; in practice this means an attacker holding a low-privileged DoraCMS account can reach the endpoint remotely with no involvement from any other user. Because the function creates files, the most direct consequence is arbitrary file creation or overwrite on the server, which can lead to modification of critical files, disruption of service and, depending on what is written, disclosure of sensitive information. Despite early notification the vendor has not responded or provided a patch, and a public exploit is available, so exploitation is likely. Organizations running DoraCMS 3.0.x therefore need compensating controls. The advisory lists only DoraCMS 3.0.x as affected, which limits the scope but leaves users of that version at significant risk.
Potential Impact
Attackers exploiting this flaw can write files outside the directory the API is meant to manage. Depending on what the DoraCMS process is permitted to write, that can mean overwriting configuration files, application source or templates (defacement, insertion of malicious code, or a crash that disrupts service), or planting and overwriting files in ways that in turn expose sensitive configuration, user data or credentials. This compromises the confidentiality, integrity and availability of the affected system. Because the attack needs only a low-privileged account and no user interaction, any publicly reachable DoraCMS 3.0.x instance on which an attacker can obtain such an account (for example through open registration) is exposed, and the public exploit makes automated scanning and opportunistic exploitation likely. Organizations relying on DoraCMS 3.0.x for web content management may face data breaches, service interruptions or reputational damage. The absence of a vendor patch leaves them dependent on compensating controls. The CVSS score places the vulnerability at medium severity, but the operational impact can be significant if it is left unmitigated.
Mitigation Recommendations
Given the absence of an official patch from the vendor, organizations should implement the following specific mitigations:
1) Apply strict validation to the user-supplied path in createFileBypath: resolve the requested path against the intended base directory and refuse any result that falls outside it, rather than only stripping '../' sequences, which encoded and double-encoded variants can bypass. Operators who run DoraCMS from source can apply this as a local fix until the vendor responds.
2) Deploy a web application firewall (WAF) with rules that detect and block path traversal attempts against the DoraCMS API, and make sure the rules inspect decoded and double-decoded parameter values, including request bodies if the path is sent as JSON.
3) Run the DoraCMS process under a dedicated account with write access only to the directories it needs (for example uploads and cache), so a traversal cannot overwrite application code, configuration or system files.
4) Monitor server logs and file system changes for signs of exploitation, such as requests to the file-creation endpoint that contain traversal sequences, or files appearing outside the upload directory.
5) Isolate DoraCMS instances in segmented network zones to limit lateral movement if a host is compromised.
6) Consider temporarily disabling the vulnerable API endpoint, or restricting it to administrators or trusted networks, until a fix is available.
7) Watch for vendor updates or community patches and apply them promptly once released.
8) Conduct regular security assessments and penetration tests that cover path traversal and related file-handling vulnerabilities.
These measures go beyond generic advice by targeting the specific vulnerable function and the operational context of DoraCMS 3.0.x.
Affected Countries
United States, China, India, Germany, United Kingdom, Brazil, Russia, France, Japan, South Korea
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-03-08T07:31:59.585Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69ae2ef52904315ca3454d35
Added to database: 3/9/2026, 2:22:45 AM
Last enriched: 3/9/2026, 2:37:05 AM
Last updated: 3/12/2026, 4:06:32 AM