CVE-2026-1358
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Airleader GmbH | Airleader Master | 0 <= 6.381 | affected |
Weaknesses
- CWE-434: CWE-434
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-10
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-10.json
- https://airleader.us/contact/
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-044.txt
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.