CNNVD-202602-1371 Information

CNNVD ID

CNNVD-202602-1371

Related CVE

CVE-2026-2216

• CNNVD Published: 2026-02-09

Description (Chinese)

WeRSS是Rachel开源的一个微信公众号系统。 WeRSS 1.4.8及之前版本存在路径遍历漏洞，该漏洞源于对文件apis/tools.py中函数download_export_file参数filename的错误操作，可能导致路径遍历。

Description (English)

WeRSS is a micro-intelligence public system at Rachel ’ s open source. WeRSS 1.4.8 and previous versions have path-to-path loopholes, which stem from the error of the function download export filefilename in file apis/tools.py, which may lead to path-to-path runs.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

Rachel

Published

2026-02-09

Last Modified

2026-02-24

References

https://vuldb.com/?id.344933 https://www.notion.so/WeRSS-Path-Traversal-Vulnerability-Leads-to-Arbitrary-File-Read-2feea92a3c41804da1f1f5ddbf86e655 https://vuldb.com/?ctiid.344933 https://vuldb.com/?submit.752763 https://access.redhat.com/security/cve/cve-2026-2216