CVE-2026-2551
low-risk
Published 2026-02-16
A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Do I need to act?
-
0.08% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10
Medium
NETWORK
/ LOW complexity
Affected Products (1)
Zentao
Affected Vendors
References (4)
Permissions Required
https://vuldb.com/?ctiid.346160
Third Party Advisory
https://vuldb.com/?id.346160
Third Party Advisory
https://vuldb.com/?submit.749983
26
/ 100
low-risk
Severity
21/34 · High
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal