Skip to main content

Environmental Monitoring Cloud Platform EUVDEUVD-2026-14278

| CVE-2026-4536 MEDIUM
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-03-22 VulDB GHSA-8h86-g282-cx65
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
CVSS changed
Apr 29, 2026 - 01:11 NVD
6.9 (MEDIUM) 5.5 (MEDIUM)
Severity Changed
Apr 24, 2026 - 16:37 NVD
HIGH MEDIUM
CVSS changed
Apr 24, 2026 - 16:37 NVD
7.3 (HIGH) 6.9 (MEDIUM)
PoC Detected
Mar 23, 2026 - 14:31 vuln.today
Public exploit code
EUVD ID Assigned
Mar 22, 2026 - 04:30 euvd
EUVD-2026-14278
Analysis Generated
Mar 22, 2026 - 04:30 vuln.today
CVE Published
Mar 22, 2026 - 04:02 nvd
HIGH 7.3

DescriptionCVE.org

A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

An unrestricted file upload vulnerability exists in Acrel Environmental Monitoring Cloud Platform version 1.1.0, allowing unauthenticated remote attackers to upload arbitrary files to the system. The vendor was notified but did not respond, and a public proof-of-concept exploit is available on GitHub. With a CVSS score of 7.3 and public exploit code, this presents an elevated risk for organizations using the affected platform.

Technical ContextAI

This vulnerability is rooted in CWE-434 (Unrestricted Upload of File with Dangerous Type), affecting the Acrel Environmental Monitoring Cloud Platform version 1.1.0 (CPE: cpe:2.3:a:acrel:environmental_monitoring_cloud_platform:*:*:*:*:*:*:*:*). The platform fails to properly validate or restrict file uploads in some unknown processing component, allowing attackers to upload files with malicious content or dangerous file types. Environmental monitoring cloud platforms typically handle sensor data, alerts, and control systems for building or industrial environments, making them critical infrastructure targets. The lack of file type validation, content scanning, or upload restrictions enables attackers to bypass security controls and potentially execute arbitrary code or compromise system integrity.

RemediationAI

No official patch or vendor advisory is available as Acrel Co., Ltd. did not respond to vulnerability disclosure attempts. Organizations using Acrel Environmental Monitoring Cloud Platform 1.1.0 should immediately implement compensating controls including: restricting network access to the platform to trusted IP ranges only via firewall rules or VPN, implementing a web application firewall (WAF) with strict file upload filtering rules to block unauthorized file types, disabling or removing file upload functionality if not operationally required, and monitoring system logs for unusual file upload attempts or unauthorized files in upload directories. Consider migrating to an alternative environmental monitoring solution from a responsive vendor. Reference the public exploit at https://github.com/LTX-GOD/Mycve/blob/main/Acrel_Co_Ltd.md to understand attack patterns and adjust defensive measures accordingly.

Share

EUVD-2026-14278 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy