CVE-2026-1358

Airleader Master Unrestricted Upload of File with Dangerous Type

CVSS 9.3 CRITICALEPSS 1.2%CWE-434

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9.3EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

12 feb 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Airleader GmbH · Airleader Master

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://airleader.us/contact/https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-10.json https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-10 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-044.txt