Fujian Apex LiveBOS Path Traversal (CVE-2026-7519) Exposes Systems Remotely
The National Vulnerability Database (NVD) has detailed CVE-2026-7519, a high-severity path traversal vulnerability impacting Fujian Apex LiveBOS versions up to 2.0. The flaw resides in the /feed/UploadImage.do endpoint’s handling of the filename argument, allowing attackers to manipulate file paths.
This vulnerability is remotely exploitable, meaning attackers don’t need direct network access to the internal network segment where LiveBOS might reside. The public disclosure of an exploit further escalates the risk, indicating that this isn’t theoretical – it’s actively weaponized. A CVSSv3.1 score of 7.3 (High) underscores the significant risk of compromise, including potential information disclosure, data modification, or system availability impact.
Fujian Apex recommends upgrading to LiveBOS version 2.1 to mitigate this issue. For organizations using affected versions, immediate patching is critical. This isn’t a complex attack, and the public exploit means it’s low-hanging fruit for opportunistic attackers scanning for vulnerable endpoints.
What This Means For You
- If your organization uses Fujian Apex LiveBOS, particularly versions 2.0 or earlier, you are directly exposed to remote path traversal. Audit your LiveBOS deployments immediately. Prioritize patching to version 2.1 to eliminate CVE-2026-7519. Failure to patch leaves a wide-open door for remote attackers to manipulate files and potentially compromise your system.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-7519: Fujian Apex LiveBOS Path Traversal via UploadImage.do
title: CVE-2026-7519: Fujian Apex LiveBOS Path Traversal via UploadImage.do
id: scw-2026-05-01-ai-1
status: experimental
level: critical
description: |
Detects attempts to exploit CVE-2026-7519 by targeting the /feed/UploadImage.do endpoint with a filename parameter, indicating a path traversal attempt.
author: SCW Feed Engine (AI-generated)
date: 2026-05-01
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7519/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/feed/UploadImage.do'
cs-uri-query|contains:
- 'filename='
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7519 | Path Traversal | Fujian Apex LiveBOS up to 2.0 |
| CVE-2026-7519 | Path Traversal | Vulnerable file: /feed/UploadImage.do |
| CVE-2026-7519 | Path Traversal | Vulnerable component: Endpoint |
| CVE-2026-7519 | Path Traversal | Manipulation of argument: filename |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 01, 2026 at 04:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7545: SourceCodester School Management SQLi Exposes Data
CVE-2026-7545 — A weakness has been identified in SourceCodester Advanced School Management System 1.0. The affected element is an unknown function of the file commonController.php...
Totolink A8000RU Critical OS Command Injection (CVE-2026-7538)
CVE-2026-7538 — A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler....
CVE-2026-7536 — The Function Bsf_sess_add_by_ip_address Of The File /Nbsf-Ma Denial of Service
CVE-2026-7536 — A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF....