LOW
halo-dev
CVE published 2026-07-10
CVE-2026-15326
A path traversal vulnerability was identified in Halo-Dev Halo up to 2.24.2. The vulnerability affects the Theme Installation component, specifically the ThemeUtils.unzipThemeTo function in ThemeUtils.java. The issue allows for path traversal through manipulation of the metadata.name argument. The attack may be launched remotely. The project closed the issue as 'duplicate' but did not reference any other [truncated]