PatchSiren

halo-dev CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW halo-dev CVE published 2026-07-10

CVE-2026-15326

A path traversal vulnerability was identified in Halo-Dev Halo up to 2.24.2. The vulnerability affects the Theme Installation component, specifically the ThemeUtils.unzipThemeTo function in ThemeUtils.java. The issue allows for path traversal through manipulation of the metadata.name argument. The attack may be launched remotely. The project closed the issue as 'duplicate' but did not reference any other [truncated]