CVE-2026-1691

Published: Jan 30, 2026Modified: Apr 29, 2026

2.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Adlered: Bolo Solo

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Adlered Bolo Solo	Up to 2.6.4

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (5)

https://github.com/bolo-blog/bolo-solo/issues/325

Source: cna@vuldb.com

ExploitIssue TrackingVendor Advisory

https://github.com/bolo-blog/bolo-solo/issues/325#issue-3828755519

Source: cna@vuldb.com

ExploitIssue TrackingVendor Advisory

https://vuldb.com/?ctiid.343485

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.343485

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.741899

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

Timeline

No history available yet.