What is CVE-2026-24479?

CVE-2026-24479 is a vulnerability in Zhblue Hustoj, classified under Path Traversal. Published 2026-01-27.

Is CVE-2026-24479 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Zhblue Hustoj

CVE-2026-24479

HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within upload…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.589 (98.3th percentile) — read the EPSS interpretation.

Affected products

Zhblue Hustoj — versions < 26.01.24

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

rapid7/metasploit-framework

References

https://github.com/zhblue/hustoj/security/advisories/GHSA-xmgg-2rw4-7fxj (x_refsource_CONFIRM)
https://github.com/zhblue/hustoj/commit/902bd09e6d0011fe89cd84d4236899314b33101f (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-24479?: CVE-2026-24479 is a vulnerability in Zhblue Hustoj, classified under Path Traversal. Published 2026-01-27.
Is CVE-2026-24479 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.