A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
| Link | Resource |
|---|---|
| https://github.com/bolo-blog/bolo-solo/issues/325 | Exploit Issue Tracking Vendor Advisory |
| https://github.com/bolo-blog/bolo-solo/issues/325#issue-3828755519 | Exploit Issue Tracking Vendor Advisory |
| https://vuldb.com/?ctiid.343485 | Permissions Required VDB Entry |
| https://vuldb.com/?id.343485 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.741899 | Third Party Advisory VDB Entry |
Configurations
History
03 Mar 2026, 01:09
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/bolo-blog/bolo-solo/issues/325 - Exploit, Issue Tracking, Vendor Advisory | |
| References | () https://github.com/bolo-blog/bolo-solo/issues/325#issue-3828755519 - Exploit, Issue Tracking, Vendor Advisory | |
| References | () https://vuldb.com/?ctiid.343485 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.343485 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.741899 - Third Party Advisory, VDB Entry | |
| CPE | cpe:2.3:a:adlered:bolo-solo:*:*:*:*:*:*:*:* | |
| First Time |
Adlered bolo-solo
Adlered |
30 Jan 2026, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-30 17:16
Updated : 2026-03-03 01:09
NVD link : CVE-2026-1691
Mitre link : CVE-2026-1691
CVE.ORG link : CVE-2026-1691
JSON object : View
Products Affected
adlered
- bolo-solo