Which versions of Acrel Environmental Monitoring Cloud Platform are affected by CVE-2026-4536?

An unauthenticated file upload vulnerability in Acrel Environmental Monitoring Cloud Platform v1.1.0 allows attackers to upload malicious files without credentials.

Is there a public PoC exploit available for CVE-2026-4536?

Yes, a public proof-of-concept exploit is available for CVE-2026-4536. Prioritise patching immediately. EPSS: 0.0%.

Acrel Environmental Monitoring Cloud Platform CVE-2026-4536

Q: What is the CVSS score of CVE-2026-4536?

CVE-2026-4536 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-14278 MEDIUM

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-03-22 VulDB

GHSA-8h86-g282-cx65

File Upload

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

Severity Changed

Apr 24, 2026 - 16:37 NVD

HIGH MEDIUM

CVSS changed

Apr 24, 2026 - 16:37 NVD

7.3 (HIGH) 6.9 (MEDIUM)

PoC Detected

Mar 23, 2026 - 14:31 vuln.today

Public exploit code

EUVD ID Assigned

Mar 22, 2026 - 04:30 euvd

EUVD-2026-14278

Analysis Generated

Mar 22, 2026 - 04:30 vuln.today

CVE Published

Mar 22, 2026 - 04:02 nvd

HIGH 7.3

DescriptionNVD

A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

An unrestricted file upload vulnerability exists in Acrel Environmental Monitoring Cloud Platform version 1.1.0, allowing unauthenticated remote attackers to upload arbitrary files to the system. The vendor was notified but did not respond, and a public proof-of-concept exploit is available on GitHub. …

RemediationAI

Within 24 hours: Inventory all systems running Acrel v1.1.0 and isolate them from critical networks if possible; enable logging on upload endpoints. Within 7 days: Deploy WAF rules to block suspicious file uploads and implement IP-based access restrictions to the platform; contact Acrel for patch status and timeline. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-4536 vulnerability details – vuln.today

Back

Acrel Environmental Monitoring Cloud Platform CVE-2026-4536

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Acrel Environmental Monitoring Cloud Platform CVE-2026-4536

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code