CVE-2026-1358

Critical CVSS: 9.3

Airleader Master versions 6.381 and prior allow for file uploads without
restriction to multiple webpages running maximum privileges. This could
allow an unauthenticated user to potentially obtain remote code
execution on the server.

Vendor

Product

CWE

CWE-434

Yayın Tarihi

2026-02-12 22:16:04

Güncelleme

2026-03-03 21:15:57

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-434 CRITICAL 2026

Referanslar

https://airleader.us/contact/ https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-10.json https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-10 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-044.txt