What is the CVSS score of CVE-2024-50620?

CVE-2024-50620 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Cipace are affected by CVE-2024-50620?

Cipace versions up to 9.17 contain a critical file upload vulnerability that allows attackers to upload and execute dangerous file types, potentially leading to complete system compromise.

How to fix or mitigate CVE-2024-50620?

Within 24 hours: Inventory all Cipace instances and document versions; disable file upload functionality if operationally feasible, or restrict uploads to whitelisted file types only. Within 7 days: Implement network segmentation to isolate Cipace servers and deploy WAF rules to block suspicious file uploads; conduct access logs review for exploitation indicators. Within 30 days: Evaluate migration to unaffected Cipace version or alternative solution; perform forensic analysis if any suspicious uploads detected; implement enhanced file validation and sandboxing.

Cipace CVE-2024-50620

HIGH

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-02-11 cve@mitre.org

File Upload Cipace

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 11, 2026 - 21:16 nvd

HIGH 8.8

DescriptionNVD

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading files on the document management page. Those executables can be executed if they are not stored in a shared directory or if the storage directory has executed permissions.

AnalysisAI

Cipace versions up to 9.17. is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

Technical ContextAI

This vulnerability (CWE-434: Unrestricted Upload of File with Dangerous Type) affects Cipace. Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading files on the document management page. Those executables can be executed if they are not stored in a shared directory or if the storage directory has executed permissions.

RemediationAI

Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root. Restrict network access to the affected service where possible.

CVE-2024-50620 vulnerability details – vuln.today

Back

Cipace CVE-2024-50620

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code