Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Feiyuchuixue sz-boot-parent API Download Templates Exposes Path Traversal Risk
CVE-2026-3188
Summary
A security issue in the Feiyuchuixue sz-boot-parent API could allow an attacker to access unauthorized files by manipulating the template download feature. This could potentially allow an attacker to access sensitive information. To fix this issue, update to version 1.3.3-beta of the affected component.
Original title
A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a...
Original description
A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a manipulation of the argument templateName results in path traversal. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. Upgrading to version 1.3.3-beta is able to mitigate this issue. The patch is named aefaabfd7527188bfba3c8c9eee17c316d094802. It is recommended to upgrade the affected component. The project was informed beforehand and acted very professional: "We have implemented path validity checks on parameters for the template download interface (...)"
nvd CVSS2.0
4.0
nvd CVSS3.1
4.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-22
Path Traversal
- https://github.com/feiyuchuixue/sz-boot-parent/
- https://github.com/feiyuchuixue/sz-boot-parent/commit/aefaabfd7527188bfba3c8c9ee...
- https://github.com/feiyuchuixue/sz-boot-parent/releases/tag/v1.3.3-beta
- https://github.com/yuccun/CVE/blob/main/sz-boot-parent-Path_Traversal_to_Arbitra...
- https://vuldb.com/?ctiid.347746
- https://vuldb.com/?id.347746
- https://vuldb.com/?submit.754041
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026