{"id":"CVE-2026-1691","details":"A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.","modified":"2026-04-02T13:07:42.629297Z","published":"2026-01-30T17:16:14.150Z","references":[{"type":"ADVISORY","url":"https://vuldb.com/?id.343485"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.741899"},{"type":"REPORT","url":"https://github.com/bolo-blog/bolo-solo/issues/325"},{"type":"REPORT","url":"https://github.com/bolo-blog/bolo-solo/issues/325#issue-3828755519"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.343485"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/adlered/bolo-solo","events":[{"introduced":"0"},{"last_affected":"e0ab6b1f57a4ba66b4a42a7b6ceafb87c33290cc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.6.4"}]}}],"versions":["v1.0","v1.0_stable","v1.1_stable","v1.2_stable","v1.3_stable","v1.4_stable","v1.5_stable","v1.6_stable","v1.7_stable","v1.8_stable","v1.9_stable","v2.0_stable","v2.1_stable","v2.2_stable","v2.3_stable","v2.4_stable","v2.5_sp1_stable","v2.5_stable","v2.6.1_stable","v2.6.2_stable","v2.6.3_stable","v2.6.4_stable","v2.6_stable"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1691.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}