Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion.
This issue affects Web Fax: from 3.0 before 3.1.
AnalysisAI
Unrestricted file upload in Gmission Web Fax versions 3.0 up to (but not including) 3.1 allows attackers to upload files of dangerous types and trigger remote code inclusion, leading to full confidentiality, integrity, and availability impact on the host. The flaw was reported by FSI and a vendor patch is available, though no public exploit code has been identified at time of analysis. Note that the CVSS 4.0 vector advertises a local attack vector (AV:L) which conflicts with the description's 'Remote Code Inclusion' wording - this discrepancy should be verified.
Technical ContextAI
Web Fax is a Korean fax-over-web product from Gmission (gmission.co.kr) used to send and receive faxes through a web interface. The root cause is classified under CWE-20 (Improper Input Validation) combined with an unrestricted upload of files with dangerous types - the upload handler fails to validate file content/extension before persisting the file in a server-reachable location, enabling 'Remote Code Inclusion' where attacker-supplied code is included/executed by the application. The single CPE cpe:2.3:a:gmission:web_fax:*:*:*:*:*:*:*:* indicates the entire affected product line shares the same vulnerable upload handler.
RemediationAI
Upgrade to Gmission Web Fax 3.1 or later, which is the vendor-released patched version per the affected-version range (3.0 <3.1) and the 'Patch: Available from vendor' indicator; refer to the vendor product page at https://www.gmission.co.kr/fax1 for download and release notes. If immediate patching is not possible, restrict access to the Web Fax upload endpoints to trusted management networks via firewall or reverse-proxy ACLs, disable or remove the file-upload feature in the application configuration if it is not business-critical (this will break inbound fax document handling), and add a web-server-level filter or WAF rule blocking uploads of executable extensions (.php, .jsp, .asp, .aspx, .exe, .sh) to the upload directory - note that extension-only filters can be bypassed via content-type or double-extension tricks, so they are interim, not authoritative. Ensure the upload directory is not server-executable as a hardening measure that mitigates the 'code inclusion' step even if a malicious file lands.
Same weakness CWE-20 – Improper Input Validation
View allSame technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31244
GHSA-w95q-h4rm-mxfm