CVE-2026-1358

Summary

Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server.

Affected Software

VendorProductVersion RangeStatus
Airleader GmbHAirleader Master0 <= 6.381affected

Weaknesses

  • CWE-434: CWE-434

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References