Skip to main content

Airleader Master CVE-2026-1358

CRITICAL
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-02-12 ics-cert@hq.dhs.gov
File Upload
9.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
CVE Published
Feb 12, 2026 - 22:16 nvd
CRITICAL 9.8

DescriptionNVD

Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server.

AnalysisAI

Unrestricted file upload in Airleader Master versions 6.381 and prior. Multiple webpages allow unauthenticated file upload with maximum privileges.

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all Airleader Master instances and their versions; isolate affected systems from production networks if version 6.381 or earlier is confirmed. Within 7 days: Implement network-level restrictions (WAF rules blocking POST requests to upload endpoints, IP whitelisting); disable file upload functionality if operationally feasible; monitor logs for exploitation attempts. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-1358 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy