CVE-2026-13528 | YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT AppFileController File Upload Endpoint FileServiceImpl.java generateUploadPath path traversal (Issue 1146)

A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT . It has been rated as critical . The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File Upload Endpoint . Performing a manipulation results in path traversal. This vulnerability is known as CVE-2026-13528 . Remote exploitation of the attack is possible. Fur