{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6620", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-19T16:21:58.957Z", "datePublished": "2026-04-20T08:15:18.329Z", "dateUpdated": "2026-04-20T15:35:54.833Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-20T08:15:18.329Z"}, "title": "SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "SonicCloudOrg", "product": "sonic-server", "versions": [{"version": "2.0", "status": "affected"}], "modules": ["File Upload Endpoint"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-19T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-19T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-19T18:28:04.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "cccccccti (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/358255", "name": "VDB-358255 | SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/358255/cti", "name": "VDB-358255 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/792336", "name": "Submit #792336 | SonicCloudOrg sonic-server 2.0.0 Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/2", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T15:35:21.690581Z", "id": "CVE-2026-6620", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T15:35:54.833Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6620", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-20T15:35:21.690581Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T15:35:46.241Z"}}], "cna": {"title": "SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal", "credits": [{"lang": "en", "type": "reporter", "value": "cccccccti (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "SonicCloudOrg", "modules": ["File Upload Endpoint"], "product": "sonic-server", "versions": [{"status": "affected", "version": "2.0"}]}], "timeline": [{"lang": "en", "time": "2026-04-19T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-19T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-19T18:28:04.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/358255", "name": "VDB-358255 | SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/358255/cti", "name": "VDB-358255 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/792336", "name": "Submit #792336 | SonicCloudOrg sonic-server 2.0.0 Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/2", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Path Traversal"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-20T08:15:18.329Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6620", "state": "PUBLISHED", "dateUpdated": "2026-04-20T15:35:54.833Z", "dateReserved": "2026-04-19T16:21:58.957Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-20T08:15:18.329Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-6620", "lastModified": "2026-04-20T09:16:09.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-20T09:16:09.990", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/2"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/792336"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358255"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358255/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "sonic-server", "source": "cna", "vendor": "SonicCloudOrg"}, "product": "sonic-server", "vendor": "soniccloudorg"}], "analysis": {"en": {"generated_at": "2026-04-20T09:20:45.115406+00:00", "value": {"mitigation_remediation": ["Upgrade SonicCloudOrg sonic-server to a version that contains the path\u2011traversal fix when it becomes available.", "Validate and sanitize the Type parameter server\u2011side to allow only expected characters and disallow the use of directory traversal sequences before handling the upload.", "If the upload feature is not required, disable the upload endpoint or restrict it to a trusted internal network segment."], "summary": {"action": "Apply Patch", "impact": "Remote Path Traversal via File Upload"}, "threat_synthesis": {"affected_systems": "The flaw is present in SonicCloudOrg sonic-server versions up to and including 2.0.0. No later releases are referenced in the advisory.", "description_and_impact": "A path traversal flaw exists in the Upload function of FileTool.java in SonicCloudOrg sonic-server. By manipulating the Type argument in the file upload request the adversary can cause the server to write files to arbitrary paths. The consequence is that an attacker could overwrite critical configuration files or store malicious code, thereby exposing the system to further compromise or data exfiltration. The vulnerability is reported as remotely exploitable and a public proof\u2011of\u2011concept already exists.", "risk_and_exploitability": "The CVSS score of 5.3 places the vulnerability in the medium severity band. EPSS is not available and the flaw is not listed in the CISA KEV catalog. Because the attack vector is remote and a public exploit is available, the risk to environments running the affected version is considered moderate to high pending patch or mitigation."}}}}, "created": "2026-04-20T09:30:03.368186+00:00", "updated": "2026-04-20T14:58:00.850359+00:00", "vendors": ["soniccloudorg", "soniccloudorg$PRODUCT$sonic-server"]}