CNNVD-202601-3415 Information
Jan 21, 2026
cve
CNNVD ID
CNNVD-202601-3415
Related CVE
- CNNVD Published: 2026-01-21
Description (Chinese)
Emoji for NodeBB是NodeBB开源的一个表情符号插件。 Emoji for NodeBB 3.2.1版本存在安全漏洞,该漏洞源于通过表情符号上传API存在任意文件写入,可能导致覆盖系统文件。
Description (English)
Emoji for NodeBB is an emoticon symbol plugin for the opening source of NodeBB. There is a security loophole in Emoji for NodeBB 3.2.1 version, which stems from the fact that any API document is uploaded through an emoticon symbol, which may result in overwhelming system files.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
NodeBB
Published
2026-01-21
Last Modified
2026-02-24
References
https://github.com/NodeBB/nodebb-plugin-emoji https://nodebb.org/ https://www.exploit-db.com/exploits/49813 https://www.vulncheck.com/advisories/nodebb-plugin-emoji-arbitrary-file-write
Patch
https://github.com/NodeBB/nodebb-plugin-emoji/tags
Share on: