https://blog.qife122.com/tags/cve-2026-21857/ Recent content in CVE-2026-21857 on 办公AI智能小助手 Hugo zh-cn qife Mon, 12 Jan 2026 18:35:50 +0800 https://blog.qife122.com/p/redaxo%E5%A4%87%E4%BB%BD%E6%8F%92%E4%BB%B6%E8%B7%AF%E5%BE%84%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E%E8%A7%A3%E6%9E%90cve-2026-21857%E8%87%B4%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96/ Mon, 12 Jan 2026 18:35:50 +0800 https://blog.qife122.com/p/redaxo%E5%A4%87%E4%BB%BD%E6%8F%92%E4%BB%B6%E8%B7%AF%E5%BE%84%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E%E8%A7%A3%E6%9E%90cve-2026-21857%E8%87%B4%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96/ <h1 id="redaxo备份插件路径遍历漏洞解析cve-2026-21857致任意文件读取">Redaxo备份插件路径遍历漏洞解析：CVE-2026-21857致任意文件读取</h1> <h2 id="漏洞概览">漏洞概览</h2> <p>Redaxo CMS的备份插件存在路径遍历漏洞，允许具有备份权限的认证用户读取Web根目录下的任意文件。该漏洞被标记为高危级别，CVSS评分为8.3。</p>