Airleader Master CVE-2026-1358
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server.
AnalysisAI
Unrestricted file upload in Airleader Master versions 6.381 and prior. Multiple webpages allow unauthenticated file upload with maximum privileges.
Technical ContextAI
CWE-434 in industrial compressed air management system. Multiple upload endpoints run with maximum privileges.
Affected ProductsAI
Airleader Master <= 6.381
RemediationAI
Apply vendor update. Restrict file upload endpoints.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today