Which versions of Gmission Web Fax are affected by CVE-2026-9157?

Gmission Web Fax versions 3.0-3.0.x contain a file upload vulnerability that enables remote code execution and full system compromise; no public exploit identified at time of analysis.. A patch is available.

Gmission Web Fax CVE-2026-9157

Q: What is the CVSS score of CVE-2026-9157?

CVE-2026-9157 has a CVSS 4.0 base score of 8.6 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-31244 HIGH

Improper Input Validation (CWE-20)

2026-05-21 FSI

GHSA-w95q-h4rm-mxfm

File Upload

8.6

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 21, 2026 - 09:30 vuln.today

CVSS changed

May 21, 2026 - 09:22 NVD

8.4 (HIGH) 8.6 (HIGH)

Patch available

May 21, 2026 - 09:01 EUVD

DescriptionNVD

Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion.

This issue affects Web Fax: from 3.0 before 3.1.

AnalysisAI

Unrestricted file upload in Gmission Web Fax versions 3.0 up to (but not including) 3.1 allows attackers to upload files of dangerous types and trigger remote code inclusion, leading to full confidentiality, integrity, and availability impact on the host. The flaw was reported by FSI and a vendor patch is available, though no public exploit code has been identified at time of analysis. …

RemediationAI

Within 24 hours: identify and inventory all Gmission Web Fax instances running versions 3.0.x, and assess network connectivity and exposure. Within 7 days: deploy vendor patch by upgrading all affected systems to Gmission Web Fax version 3.1 or later. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-9157 vulnerability details – vuln.today

Back

Gmission Web Fax CVE-2026-9157

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Gmission Web Fax CVE-2026-9157

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code