Rotaban
Monthly
Remote code execution in Başarsoft Rotaban versions V2026.06.002 through V2026.06.003 (exclusive) allows authenticated attackers to upload arbitrary files including web shells, leading to full server compromise. The flaw stems from missing validation of uploaded file types (CWE-434) and was reported by TR-CERT; no public exploit identified at time of analysis, but the CVSS 9.9 score and scope-change indicator make this a high-priority patch target for any Rotaban deployment.
Remote code execution in Başarsoft Rotaban versions V2026.06.002 through V2026.06.003 (exclusive) allows authenticated attackers to upload arbitrary files including web shells, leading to full server compromise. The flaw stems from missing validation of uploaded file types (CWE-434) and was reported by TR-CERT; no public exploit identified at time of analysis, but the CVSS 9.9 score and scope-change indicator make this a high-priority patch target for any Rotaban deployment.