← volver
CVE-2026-1358

Airleader Master Unrestricted Upload of File with Dangerous Type

CVSS 9.3 CRITICALEPSS 1.2%CWE-434
Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Airleader GmbH · Airleader Master

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://airleader.us/contact/https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-10.jsonhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-043-10https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-044.txt