CNNVD-202601-2947 Information

CNNVD ID

CNNVD-202601-2947

Related CVE

CVE-2026-1126

• CNNVD Published: 2026-01-18

Description (Chinese)

Flow是中国lwj个人开发者的一个免费开源的企业级流程应用，结合了Flowable等主流技术开发，一种流程引擎一体化解决方案。 Flow存在代码问题漏洞，该漏洞源于对组件SVG File Handler中文件flow-masterflow-front-restsrcmainjavacomdragonflowweb esourceflowFormResource.java的参数File的错误操作，可能导致任意文件上传。

Description (English)

Flow is a free open source business process application for individual developers in lwj, China, combining mainstream technology development such as Flowable, an integrated process engine solution. Flow has a code problem loophole, which stems from an error in File’s parameter for file Flow-masterFlow-front-ressr file in component SVG File Handler.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2026-01-18

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.341718 https://vuldb.com/?submit.735122 https://vuldb.com/?id.341718 https://gitee.com/lwj/flow/issues/IDIQSE https://access.redhat.com/security/cve/cve-2026-1126