CVE-2026-2551 - Vulnerability Details

- ZenTao Backup control.php delete path traversal

Description

A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

Published: 2026-02-16

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in the delete function of ZenTao’s Backup Handler allows manipulation of the fileName argument to traverse directories, which can result in the removal of any file the web process can access. The attack is feasible remotely, and the exposed control.php endpoint accepts fileName as a parameter that is not properly validated. As a result, a compromised web user or attacker able to reach the endpoint could delete configuration files, logs, or other critical resources, potentially leading to data loss or denial of service.

Affected Systems

ZenTao versions up to 21.7.8 are affected. The vulnerability resides in the component Backup Handler, specifically the delete method within editor/control.php. Systems running older ZenTao installations or any custom deployments that include this component are at risk until the issue is remediated or the component is removed.

Risk and Exploitability

The CVSS score of 5.3 places the flaw in the moderate category, while the EPSS score of less than 1% indicates a very low current exploitation probability. It is not listed in the CISA KEV catalog, and the exploit has been publicly disclosed. The attack vector is remote, requiring only network access to the affected web server, and an attacker can trigger the vulnerability through a crafted HTTP request to the delete endpoint.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

ZenTao

affected

Version	Status	Constraints
`21.7.0`	affected	—
`21.7.1`	affected	—
`21.7.2`	affected	—
`21.7.3`	affected	—
`21.7.4`	affected	—
`21.7.5`	affected	—
`21.7.6`	affected	—
`21.7.7`	affected	—
`21.7.8`	affected	—

Configuration 1 [-]

cpe:2.3:a:zentao:zentao:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Zentao

—

Version	Status	Scheme	Platform
`21.7.0`	affected	semver	—
`21.7.1`	affected	semver	—
`21.7.2`	affected	semver	—
`21.7.3`	affected	semver	—
`21.7.4`	affected	semver	—
`21.7.5`	affected	semver	—
`21.7.6`	affected	semver	—
`21.7.7`	affected	semver	—
`21.7.8`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade ZenTao to the latest released version that contains the fix for the delete function in the Backup Handler.
If an upgrade cannot be performed immediately, disable or restrict access to the Backup Handler component or remove the delete endpoint from the web server configuration.
Configure the server’s file system permissions so that the user under which the web application runs cannot delete files in critical directories, and monitor logs for abnormal deletion attempts.

Generated by OpenCVE AI on April 17, 2026 at 19:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00079.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/ez-lbz/ez-lbz.github.io/issues/10
https://vuldb.com/?ctiid.346160
https://vuldb.com/?id.346160
https://vuldb.com/?submit.749983

History

Fri, 20 Feb 2026 19:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:zentao:zentao::::::::

Tue, 17 Feb 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 17 Feb 2026 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zentao Zentao zentao
Vendors & Products		Zentao Zentao zentao

Mon, 16 Feb 2026 10:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Title		ZenTao Backup control.php delete path traversal
Weaknesses		CWE-22
References		https://github.com/ez-lbz/ez-lbz.github.io/issues/10 https://vuldb.com/?ctiid.346160 https://vuldb.com/?id.346160 https://vuldb.com/?submit.749983
Metrics		cvssV2_0 `{'score': 5.5, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 5.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Zentao Zentao

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-16T10:32:07.030Z

Updated: 2026-02-23T10:08:34.751Z

Reserved: 2026-02-15T16:20:18.187Z

Link: CVE-2026-2551

Vulnrichment

Updated: 2026-02-17T14:57:42.465Z

NVD

Status : Analyzed

Published: 2026-02-16T11:15:56.550

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-2551

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T19:15:26Z

Weaknesses

CWE-22

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object