Which versions of Tiandy Easy7 Integrated Management Platform are affected by CVE-2026-4221?

Tiandy Easy7 Integrated Management Platform version 7.17.0 contains a critical, actively exploited file upload vulnerability that allows unauthenticated attackers to execute arbitrary code on…

Is there a public PoC exploit available for CVE-2026-4221?

Yes, a public proof-of-concept exploit is available for CVE-2026-4221. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-4221?

Within 24 hours: Identify all instances of Tiandy Easy7 7.17.0 in your environment and document network exposure. Implement network segmentation to restrict access to the /rest/file/uploadLedImage endpoint to trusted sources only. Within 7 days: Deploy WAF rules to block POST requests to the vulnerable endpoint or implement authentication enforcement at the network perimeter. Escalate vendor communication for patch timeline. Within 30 days: Evaluate alternative solutions or upgrade to a patched version if released. Conduct forensic analysis on affected systems for signs of compromise or exploitation.

Tiandy Easy7 Integrated Management Platform CVE-2026-4221

Q: What is the CVSS score of CVE-2026-4221?

CVE-2026-4221 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-12357 MEDIUM

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-03-16 VulDB

File Upload

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

Severity Changed

Apr 22, 2026 - 21:37 NVD

HIGH MEDIUM

CVSS changed

Apr 22, 2026 - 21:37 NVD

7.3 (HIGH) 6.9 (MEDIUM)

PoC Detected

Mar 16, 2026 - 14:53 vuln.today

Public exploit code

EUVD ID Assigned

Mar 16, 2026 - 07:00 euvd

EUVD-2026-12357

Analysis Generated

Mar 16, 2026 - 07:00 vuln.today

CVE Published

Mar 16, 2026 - 06:32 nvd

HIGH 7.3

DescriptionNVD

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

An unrestricted file upload vulnerability exists in the Tiandy Easy7 Integrated Management Platform version 7.17.0, specifically in the /rest/file/uploadLedImage endpoint. This vulnerability allows remote attackers without authentication to upload arbitrary files, potentially leading to remote code execution. …

RemediationAI

Within 24 hours: Identify all instances of Tiandy Easy7 7.17.0 in your environment and document network exposure. Implement network segmentation to restrict access to the /rest/file/uploadLedImage endpoint to trusted sources only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-4221 vulnerability details – vuln.today

Back

Tiandy Easy7 Integrated Management Platform CVE-2026-4221

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tiandy Easy7 Integrated Management Platform CVE-2026-4221

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code