Skip to main content

Gmission Web Fax EUVD-2026-31244

| CVE-2026-9157 HIGH
Improper Input Validation (CWE-20)
2026-05-21 FSI GHSA-w95q-h4rm-mxfm
File Upload
8.6
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 21, 2026 - 09:30 vuln.today
CVSS changed
May 21, 2026 - 09:22 NVD
8.4 (HIGH) 8.6 (HIGH)
Patch available
May 21, 2026 - 09:01 EUVD

DescriptionNVD

Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion.

This issue affects Web Fax: from 3.0 before 3.1.

AnalysisAI

Unrestricted file upload in Gmission Web Fax versions 3.0 up to (but not including) 3.1 allows attackers to upload files of dangerous types and trigger remote code inclusion, leading to full confidentiality, integrity, and availability impact on the host. The flaw was reported by FSI and a vendor patch is available, though no public exploit code has been identified at time of analysis. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: identify and inventory all Gmission Web Fax instances running versions 3.0.x, and assess network connectivity and exposure. Within 7 days: deploy vendor patch by upgrading all affected systems to Gmission Web Fax version 3.1 or later. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-31244 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy