CVE-2026-6835

Summary

The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect.

Affected Software

VendorProductVersion RangeStatus
aEnricha+HCM0 <= 8.1affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted upload of file with dangerous type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References