CVE-2026-1358

Airleader Master Unrestricted Upload of File with Dangerous Type

CVSS 9.3 CRITICALEPSS 1.2%CWE-434

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.3EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

12 fev 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

Airleader GmbH · Airleader Master

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://airleader.us/contact/https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-10.json https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-10 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-044.txt