Skip to main content

MetaCRM CVE-2026-8758

| EUVD-2026-30705 MEDIUM
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-05-17 VulDB GHSA-65gp-g5gj-7rfh
File Upload
5.5
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 17, 2026 - 14:30 vuln.today
Severity Changed
May 17, 2026 - 14:22 NVD
HIGH MEDIUM
CVSS changed
May 17, 2026 - 14:22 NVD
7.3 (HIGH) 5.5 (MEDIUM)

DescriptionNVD

A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Unrestricted file upload in Metasoft MetaCRM (versions up to 6.4.0 Beta06) allows remote unauthenticated attackers to upload arbitrary files via the /common/jsp/upload3.jsp endpoint. A publicly disclosed exploit exists (CVSS E:P), enabling attackers to upload malicious files without authentication (PR:N), potentially leading to remote code execution. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-8758 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy