{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2552", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-15T16:20:21.100Z", "datePublished": "2026-02-16T11:02:05.938Z", "dateUpdated": "2026-02-23T10:08:48.186Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:08:48.186Z"}, "title": "ZenTao Editor control.php delete path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "n/a", "product": "ZenTao", "versions": [{"version": "21.7.0", "status": "affected"}, {"version": "21.7.1", "status": "affected"}, {"version": "21.7.2", "status": "affected"}, {"version": "21.7.3", "status": "affected"}, {"version": "21.7.4", "status": "affected"}, {"version": "21.7.5", "status": "affected"}, {"version": "21.7.6", "status": "affected"}, {"version": "21.7.7", "status": "affected"}, {"version": "21.7.8", "status": "affected"}, {"version": "21.7.9", "status": "unaffected"}], "modules": ["Editor"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 21.7.9 can resolve this issue. The affected component should be upgraded."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.2, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"}}], "timeline": [{"time": "2026-02-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-15T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-18T14:29:22.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "ez-lbz (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.346161", "name": "VDB-346161 | ZenTao Editor control.php delete path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.346161", "name": "VDB-346161 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.749985", "name": "Submit #749985 | Zentao PMS <=21.7.8 Arbitrary File Deletion", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ez-lbz/ez-lbz.github.io/issues/11", "tags": ["issue-tracking"]}, {"url": "https://github.com/ez-lbz/ez-lbz.github.io/issues/11#issuecomment-3876278793", "tags": ["issue-tracking"]}]}, "adp": [{"references": [{"url": "https://github.com/ez-lbz/ez-lbz.github.io/issues/11", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-17T16:41:32.416970Z", "id": "CVE-2026-2552", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T16:41:38.415Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2552", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-17T16:41:32.416970Z"}}}], "references": [{"url": "https://github.com/ez-lbz/ez-lbz.github.io/issues/11", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T16:41:24.082Z"}}], "cna": {"title": "ZenTao Editor control.php delete path traversal", "credits": [{"lang": "en", "type": "reporter", "value": "ez-lbz (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.2, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"}}], "affected": [{"vendor": "n/a", "modules": ["Editor"], "product": "ZenTao", "versions": [{"status": "affected", "version": "21.7.0"}, {"status": "affected", "version": "21.7.1"}, {"status": "affected", "version": "21.7.2"}, {"status": "affected", "version": "21.7.3"}, {"status": "affected", "version": "21.7.4"}, {"status": "affected", "version": "21.7.5"}, {"status": "affected", "version": "21.7.6"}, {"status": "affected", "version": "21.7.7"}, {"status": "affected", "version": "21.7.8"}, {"status": "unaffected", "version": "21.7.9"}]}], "timeline": [{"lang": "en", "time": "2026-02-15T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-15T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-18T14:29:22.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.346161", "name": "VDB-346161 | ZenTao Editor control.php delete path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.346161", "name": "VDB-346161 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.749985", "name": "Submit #749985 | Zentao PMS <=21.7.8 Arbitrary File Deletion", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ez-lbz/ez-lbz.github.io/issues/11", "tags": ["issue-tracking"]}, {"url": "https://github.com/ez-lbz/ez-lbz.github.io/issues/11#issuecomment-3876278793", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 21.7.9 can resolve this issue. The affected component should be upgraded."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Path Traversal"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:08:48.186Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2552", "state": "PUBLISHED", "dateUpdated": "2026-02-23T10:08:48.186Z", "dateReserved": "2026-02-15T16:20:21.100Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-16T11:02:05.938Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zentao:zentao:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCE67271-2680-4919-A9B7-233015FBB0A1", "versionEndIncluding": "21.7.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 21.7.9 can resolve this issue. The affected component should be upgraded."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad en ZenTao hasta la versi\u00f3n 21.7.8. Afecta a la funci\u00f3n delete del archivo editor/control.PHP del componente Committer. Dicha manipulaci\u00f3n del argumento filePath conduce a un salto de ruta. La actualizaci\u00f3n a la versi\u00f3n 21.7.9 puede resolver este problema. El componente afectado debe ser actualizado."}], "id": "CVE-2026-2552", "lastModified": "2026-02-20T18:00:00.757", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-16T12:16:22.277", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/ez-lbz/ez-lbz.github.io/issues/11"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/ez-lbz/ez-lbz.github.io/issues/11#issuecomment-3876278793"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.346161"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.346161"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.749985"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/ez-lbz/ez-lbz.github.io/issues/11"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "21.7.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "21.7.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "21.7.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "21.7.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "21.7.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "21.7.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "21.7.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "21.7.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "21.7.8"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "21.7.9"}}], "product": "zentao", "vendor": "zentao"}], "analysis": {"en": {"generated_at": "2026-04-17T19:06:57.359427+00:00", "value": {"mitigation_remediation": ["Upgrade ZenTao to version 21.7.9 or later to apply the vendor\u2011provided fix.", "Review and tighten access controls on the delete endpoint to limit it to authorized users only.", "Implement server\u2011side input validation that rejects relative path components before performing the delete operation."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized File Deletion via Path Traversal"}, "threat_synthesis": {"affected_systems": "Affected instances are installations of ZenTao version 21.7.8 or earlier, including all hosts running that version of the software. The flaw is present in the ZenTao product itself, specifically its editor component used for code commits.", "description_and_impact": "The vulnerability exists in ZenTao up to version 21.7.8, affecting the delete function in editor/control.php within the Committer component. By manipulating the filePath parameter, an attacker can traverse the filesystem hierarchy and delete arbitrary files. This flaw falls under CWE\u201122 (Path Traversal), potentially compromising the confidentiality, integrity, and availability of files on the server.", "risk_and_exploitability": "The CVSS base score of 5.1 indicates a medium severity vulnerability, and the EPSS score of less than 1\u202f% suggests a low likelihood of exploitation at the present time. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to exploit the delete endpoint\u2014likely authenticated only if the application enforces access control on the Committer component\u2014allowing them to craft a filePath that points outside the intended directory to delete sensitive or system files."}}}}, "created": "2026-02-17T08:49:51.206874+00:00", "updated": "2026-04-17T19:15:26.248936+00:00", "vendors": ["zentao", "zentao$PRODUCT$zentao"]}