CVE-2026-7676 | kerwincui FastBee up to 1.2.1 Tool Download Endpoint ToolController.java ToolController.download fileName path traversal

A vulnerability was found in kerwincui FastBee up to 1.2.1. It has been declared as critical. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The manipulation of the argument fileName results in path traversal.

This vulnerability was named CVE-2026-7676. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More