What is GHSA-rmxx-v9rj-vpvg?

GHSA-rmxx-v9rj-vpvg is a security advisory published by GitHub Security Advisories with Medium severity. An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due...

Which CVE IDs does GHSA-rmxx-v9rj-vpvg cover?

GHSA-rmxx-v9rj-vpvg covers the following CVE IDs: CVE-2026-6815. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-rmxx-v9rj-vpvg?

GHSA-rmxx-v9rj-vpvg has a CVSS v3 base score of 5.9, published by GitHub Security Advisories.

GHSA-rmxx-v9rj-vpvgMediumCVSS 5.9

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due...

Vendor

GitHub Security Advisories

Published

May 11, 2026

Last Modified

June 1, 2026

🔗 CVE IDs covered (1)

CVE-2026-6815 →

📋 Description

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem, bypassing the application's intended storage sandbox.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-6815
https://kb.cert.org/vuls/id/937808
https://www.kb.cert.org/vuls/id/937808
https://github.com/advisories/GHSA-rmxx-v9rj-vpvg