{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-54223", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2026-06-12T11:03:23.916Z", "datePublished": "2026-06-18T12:56:22.497Z", "dateUpdated": "2026-06-18T13:11:19.103Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "UBB.threads", "vendor": "UBB Systems", "versions": [{"lessThanOrEqual": "7.7.5", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Kamil Szczurowski (Securitum)"}, {"lang": "en", "type": "finder", "value": "Micha\u0142 Wn\u0119kowicz (Securitum)"}], "datePublic": "2026-06-18T12:56:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "UBB.threads is vulnerable to Path traversal, allowing attackers with privilege to edit templates to read and write any file on the application\u2019s server that application has privileges to, what results in Remote Code Execution.&nbsp;<br>Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.<br>"}], "value": "UBB.threads is vulnerable to Path traversal, allowing attackers with privilege to edit templates to read and write any file on the application\u2019s server that application has privileges to, what results in Remote Code Execution.\u00a0\nBecause vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions."}], "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.6, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2026-06-18T12:56:22.497Z"}, "references": [{"tags": ["product"], "url": "https://www.ubbcentral.com/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2026/06/CVE-2026-54219"}], "source": {"discovery": "EXTERNAL"}, "title": "Remote Code Execution via arbitrary file read and write in UBB.threads", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-18T13:10:37.120400Z", "id": "CVE-2026-54223", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-18T13:11:19.103Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-54223", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-18T13:10:37.120400Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-18T13:11:14.534Z"}}], "cna": {"title": "Remote Code Execution via arbitrary file read and write in UBB.threads", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Kamil Szczurowski (Securitum)"}, {"lang": "en", "type": "finder", "value": "Micha\u0142 Wn\u0119kowicz (Securitum)"}], "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "UBB Systems", "product": "UBB.threads", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "7.7.5"}], "defaultStatus": "unknown"}], "datePublic": "2026-06-18T12:56:00.000Z", "references": [{"url": "https://www.ubbcentral.com/", "tags": ["product"]}, {"url": "https://cert.pl/en/posts/2026/06/CVE-2026-54219", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "UBB.threads is vulnerable to Path traversal, allowing attackers with privilege to edit templates to read and write any file on the application\u2019s server that application has privileges to, what results in Remote Code Execution.\u00a0\nBecause vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.", "supportingMedia": [{"type": "text/html", "value": "UBB.threads is vulnerable to Path traversal, allowing attackers with privilege to edit templates to read and write any file on the application\u2019s server that application has privileges to, what results in Remote Code Execution.&nbsp;<br>Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2026-06-18T12:56:22.497Z"}}}, "cveMetadata": {"cveId": "CVE-2026-54223", "state": "PUBLISHED", "dateUpdated": "2026-06-18T13:11:19.103Z", "dateReserved": "2026-06-12T11:03:23.916Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2026-06-18T12:56:22.497Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.2"}

{}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.7.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "UBB.threads", "source": "cna", "vendor": "UBB Systems"}, "product": "ubb.threads", "vendor": "ubb_systems"}], "created": "2026-06-18T20:30:05.277011+00:00", "updated": "2026-06-20T22:56:11.143738+00:00", "vendors": ["ubb_systems", "ubb_systems$PRODUCT$ubb.threads"]}