Multiple Vulnerabilities Discovered in kerwincui FastBee Software

Severity: High (Score: 72.0)

Sources: Nvd.Nist

Summary

Two critical vulnerabilities have been identified in kerwincui FastBee versions up to 1.2.1. CVE-2026-7676 affects the Tool Download Endpoint, allowing path traversal through the fileName argument in the ToolController.download function. CVE-2026-7677 impacts the System Notice Handler, enabling cross-site scripting via the noticeContent argument in the SysNoticeController.Add function. Both vulnerabilities can be exploited remotely, and the exploits have been publicly disclosed. The vendor was contacted prior to disclosure but did not respond. These vulnerabilities pose significant risks to users of the FastBee software, potentially leading to unauthorized access and data manipulation. Immediate attention is required for affected systems to mitigate these risks.

Key Points:

  • CVE-2026-7676 allows path traversal in FastBee's Tool Download Endpoint.
  • CVE-2026-7677 enables cross-site scripting in the System Notice Handler.
  • Both vulnerabilities can be exploited remotely and have been publicly disclosed.

Key Entities

  • XSS (vulnerability)
  • Zero-day Exploit (attack_type)
  • CVE-2026-7676 (cve)
  • CVE-2026-7677 (cve)
  • CWE-22 - Path Traversal (cwe)
  • CWE-79 - Cross-site Scripting (XSS) (cwe)
  • Java (platform)