Which versions of Tsinghua Unigroup Electronic Archives System are affected by CVE-2026-2684?

CVE-2026-2684 affects our Electronic Archives System, allowing unauthorized access to sensitive documents through improper access controls.

Is there a public PoC exploit available for CVE-2026-2684?

Yes, a public proof-of-concept exploit is available for CVE-2026-2684. Prioritise patching immediately. EPSS: 0.0%.

Tsinghua Unigroup Electronic Archives System CVE-2026-2684

Q: What is the CVSS score of CVE-2026-2684?

CVE-2026-2684 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

MEDIUM

Improper Access Control (CWE-284)

2026-02-19 cna@vuldb.com

Authentication Bypass File Upload

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

HIGH MEDIUM

CVSS changed

Apr 29, 2026 - 01:11 NVD

7.3 (HIGH) 5.5 (MEDIUM)

Analysis Generated

Mar 12, 2026 - 22:03 vuln.today

PoC Detected

Mar 03, 2026 - 16:44 vuln.today

Public exploit code

CVE Published

Feb 19, 2026 - 00:16 nvd

HIGH 7.3

DescriptionNVD

A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Electronic Archives System versions up to 3.2.210802 is affected by improper access control (CVSS 7.3).

RemediationAI

Within 24 hours: Inventory all Electronic Archives System instances and their versions; isolate affected systems from untrusted networks if possible. Within 7 days: Implement network segmentation to restrict access to the Archives System; deploy WAF rules to block suspicious access patterns; enable enhanced logging and monitoring for unauthorized access attempts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-2684 vulnerability details – vuln.today

Back

Tsinghua Unigroup Electronic Archives System CVE-2026-2684

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tsinghua Unigroup Electronic Archives System CVE-2026-2684

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code