Search
Find a vulnerability
Search criteria
4 vulnerabilities by SonicCloudOrg
CVE-2026-15497 (GCVE-0-2026-15497)
Vulnerability from cvelistv5 – Published: 2026-07-12 11:15 – Updated: 2026-07-12 11:15 Unsupported When Assigned
VLAI
EPSS
VEX
Title
SonicCloudOrg sonic-agent JWT Authentication Filter ExchangeController.java code injection
Summary
A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/ExchangeController.java of the component JWT Authentication Filter. This manipulation causes code injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.
Severity
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/377804 | vdb-entry |
| https://vuldb.com/vuln/377804/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15497 | third-party-advisory |
| https://vuldb.com/submit/844486 | third-party-advisory |
| https://github.com/xpp3901/CVE_APPLY/blob/main/V-… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SonicCloudOrg | sonic-agent |
Affected:
2.7.0
Affected: 2.7.1 Affected: 2.7.2 cpe:2.3:a:soniccloudorg:sonic-agent:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:soniccloudorg:sonic-agent:*:*:*:*:*:*:*:*"
],
"modules": [
"JWT Authentication Filter"
],
"product": "sonic-agent",
"vendor": "SonicCloudOrg",
"versions": [
{
"status": "affected",
"version": "2.7.0"
},
{
"status": "affected",
"version": "2.7.1"
},
{
"status": "affected",
"version": "2.7.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xpp39 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/ExchangeController.java of the component JWT Authentication Filter. This manipulation causes code injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-12T11:15:07.681Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-377804 | SonicCloudOrg sonic-agent JWT Authentication Filter ExchangeController.java code injection",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/377804"
},
{
"name": "VDB-377804 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/377804/cti"
},
{
"name": "CVE-2026-15497 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15497"
},
{
"name": "Submit #844486 | SonicCloudOrg SonicServer 2.7.2 Code Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/844486"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xpp3901/CVE_APPLY/blob/main/V-S001_SonicCloudPlatform_Unauth_ExchangeSend"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2026-07-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-11T14:29:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "SonicCloudOrg sonic-agent JWT Authentication Filter ExchangeController.java code injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15497",
"datePublished": "2026-07-12T11:15:07.681Z",
"dateReserved": "2026-07-11T12:24:01.571Z",
"dateUpdated": "2026-07-12T11:15:07.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15496 (GCVE-0-2026-15496)
Vulnerability from cvelistv5 – Published: 2026-07-12 11:00 – Updated: 2026-07-12 11:00 Unsupported When Assigned
VLAI
EPSS
VEX
Title
SonicCloudOrg sonic-agent Groovy Script GroovyScriptImpl.java evalIsFailed os command injection
Summary
A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.
Severity
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/377803 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/377803/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15496 | third-party-advisory |
| https://vuldb.com/submit/844485 | third-party-advisory |
| https://github.com/xpp3901/CVE_APPLY/tree/main/V-… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SonicCloudOrg | sonic-agent |
Affected:
2.7.0
Affected: 2.7.1 Affected: 2.7.2 cpe:2.3:a:soniccloudorg:sonic-agent:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:soniccloudorg:sonic-agent:*:*:*:*:*:*:*:*"
],
"modules": [
"Groovy Script Handler"
],
"product": "sonic-agent",
"vendor": "SonicCloudOrg",
"versions": [
{
"status": "affected",
"version": "2.7.0"
},
{
"status": "affected",
"version": "2.7.1"
},
{
"status": "affected",
"version": "2.7.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xpp39 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-12T11:00:07.400Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-377803 | SonicCloudOrg sonic-agent Groovy Script GroovyScriptImpl.java evalIsFailed os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/377803"
},
{
"name": "VDB-377803 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/377803/cti"
},
{
"name": "CVE-2026-15496 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15496"
},
{
"name": "Submit #844485 | SonicCloudOrg SonicServer 2.7.2 Code Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/844485"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xpp3901/CVE_APPLY/tree/main/V-S002_SonicCloudPlatform_Groovy_Unsandboxed_RCE"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2026-07-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-11T14:29:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "SonicCloudOrg sonic-agent Groovy Script GroovyScriptImpl.java evalIsFailed os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15496",
"datePublished": "2026-07-12T11:00:07.400Z",
"dateReserved": "2026-07-11T12:23:57.456Z",
"dateUpdated": "2026-07-12T11:00:07.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15495 (GCVE-0-2026-15495)
Vulnerability from cvelistv5 – Published: 2026-07-12 10:45 – Updated: 2026-07-12 10:45 Unsupported When Assigned
VLAI
EPSS
VEX
Title
SonicCloudOrg sonic-agent Android WebSocket Server AndroidWSServer.java os command injection
Summary
A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.
Severity
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/377802 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/377802/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15495 | third-party-advisory |
| https://vuldb.com/submit/844484 | third-party-advisory |
| https://github.com/xpp3901/CVE_APPLY/tree/main/V-… | related |
| https://github.com/xpp3901/CVE_APPLY/blob/main/V-… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SonicCloudOrg | sonic-agent |
Affected:
2.7.0
Affected: 2.7.1 Affected: 2.7.2 cpe:2.3:a:soniccloudorg:sonic-agent:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:soniccloudorg:sonic-agent:*:*:*:*:*:*:*:*"
],
"modules": [
"Android WebSocket Server"
],
"product": "sonic-agent",
"vendor": "SonicCloudOrg",
"versions": [
{
"status": "affected",
"version": "2.7.0"
},
{
"status": "affected",
"version": "2.7.1"
},
{
"status": "affected",
"version": "2.7.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xpp39 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-12T10:45:07.442Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-377802 | SonicCloudOrg sonic-agent Android WebSocket Server AndroidWSServer.java os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/377802"
},
{
"name": "VDB-377802 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/377802/cti"
},
{
"name": "CVE-2026-15495 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15495"
},
{
"name": "Submit #844484 | SonicCloudOrg SonicAgent 2.7.2 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/844484"
},
{
"tags": [
"related"
],
"url": "https://github.com/xpp3901/CVE_APPLY/tree/main/V-S003_SonicAgent_pullFile_CmdInjection_RCE"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xpp3901/CVE_APPLY/blob/main/V-S003_SonicAgent_pullFile_CmdInjection_RCE/poc_pullfile_rce.py"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2026-07-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-11T14:29:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "SonicCloudOrg sonic-agent Android WebSocket Server AndroidWSServer.java os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15495",
"datePublished": "2026-07-12T10:45:07.442Z",
"dateReserved": "2026-07-11T12:23:54.881Z",
"dateUpdated": "2026-07-12T10:45:07.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6620 (GCVE-0-2026-6620)
Vulnerability from cvelistv5 – Published: 2026-04-20 08:15 – Updated: 2026-04-20 15:35
VLAI
EPSS
VEX
Title
SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal
Summary
A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Path Traversal
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/358255 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/358255/cti | signaturepermissions-required |
| https://vuldb.com/submit/792336 | third-party-advisory |
| https://github.com/ccccccctiiiiiiii-lab/public_ex… | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SonicCloudOrg | sonic-server |
Affected:
2.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6620",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T15:35:21.690581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T15:35:54.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"File Upload Endpoint"
],
"product": "sonic-server",
"vendor": "SonicCloudOrg",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cccccccti (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T08:15:18.329Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-358255 | SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/358255"
},
{
"name": "VDB-358255 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/358255/cti"
},
{
"name": "Submit #792336 | SonicCloudOrg sonic-server 2.0.0 Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/792336"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/2"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-19T18:28:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-6620",
"datePublished": "2026-04-20T08:15:18.329Z",
"dateReserved": "2026-04-19T16:21:58.957Z",
"dateUpdated": "2026-04-20T15:35:54.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}