CVE-2026-33273

Summary

Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbitrary file may be created by an administrator of the product. As a result, arbitrary code may be executed on the server.

Affected Software

VendorProductVersion RangeStatus
ICZ CorporationMATCHA INVOICE2.6.6 and earlieraffected

Weaknesses

  • CWE-434: Unrestricted upload of file with dangerous type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References