CVE-2026-22786 | flipped-aurora gin-vue-admin up to 2.8.7 API Endpoint breakpointContinueFinish OpenFile fileName unrestricted upload (GHSA-3558-j79f-vvm6)

A vulnerability labeled as critical has been found in flipped-aurora gin-vue-admin up to 2.8.7. Impacted is the function OpenFile of the file /fileUploadAndDownload/breakpointContinueFinish of the component API Endpoint. Such manipulation of the argument fileName leads to unrestricted upload.

This vulnerability is uniquely identified as CVE-2026-22786. The attack can be launched remotely. No exploit exists.

It is advisable to implement a patch to correct this issue.VulDB Recent EntriesRead More