qihang-wms CVE-2026-37430

EUVD-2026-29949 HIGH
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-05-13 mitre GHSA-xf7x-xwx7-4g6h
CVSS 3.1: 7.3
CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

4 events:
Analysis Generated: May 14, 2026 - 20:24 (vuln.today)
CVSS changed: May 14, 2026 - 20:22 (NVD), 7.3 (HIGH)
CVE Published: May 13, 2026 - 00:00 (nvd), HIGH 7.3
CVE Published: May 13, 2026 - 00:00 (nvd), UNKNOWN (no severity yet)

Description (NVD)

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file.

Analysis (AI)

Arbitrary file upload in qihang-wms (启航电商WMS) allows unauthenticated remote attackers to execute arbitrary code by uploading malicious files through the ShopOrderImportController component. The vulnerability affects commit 75c15a and potentially other versions of this warehouse management system. …

Remediation (AI)

Within 24 hours: Identify all qihang-wms instances in production and development; immediately restrict network access to ShopOrderImportController endpoints to authorized IP ranges only. Within 7 days: Implement Web Application Firewall (WAF) rules to block file upload requests to vulnerable endpoints; conduct forensic review of upload logs for suspicious activity since deployment. …
