CVE-2022-26352
dotCMS Unrestricted Upload of File Vulnerability
CVSS
—
No CVSS
EPSS
91.5%
p100
KEV
YES
Aug 25, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
91.5%EPSS · 30 days91.5%
2026-06-302026-07-16
Product
dotCMS / dotCMS
Vulnerability
dotCMS Unrestricted Upload of File Vulnerability
Added to KEV
Aug 25, 2022
Remediate by
Sep 15, 2022
Known ransomware use
Yes
Summary description
dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.
Required action
Apply updates per vendor instructions.
Notes
https://www.dotcms.com/security/SI-62; https://nvd.nist.gov/vuln/detail/CVE-2022-26352
No related CVEs by CWE or product.