Skip to main content

Rotaban

1 CVEs product

Monthly

CVE-2026-11839 CRITICAL Act Now

Remote code execution in Başarsoft Rotaban versions V2026.06.002 through V2026.06.003 (exclusive) allows authenticated attackers to upload arbitrary files including web shells, leading to full server compromise. The flaw stems from missing validation of uploaded file types (CWE-434) and was reported by TR-CERT; no public exploit identified at time of analysis, but the CVSS 9.9 score and scope-change indicator make this a high-priority patch target for any Rotaban deployment.

File Upload Rotaban
NVD
CVSS 3.1
9.9
EPSS
0.0%
EPSS 0% CVSS 9.9
CRITICAL Act Now

Remote code execution in Başarsoft Rotaban versions V2026.06.002 through V2026.06.003 (exclusive) allows authenticated attackers to upload arbitrary files including web shells, leading to full server compromise. The flaw stems from missing validation of uploaded file types (CWE-434) and was reported by TR-CERT; no public exploit identified at time of analysis, but the CVSS 9.9 score and scope-change indicator make this a high-priority patch target for any Rotaban deployment.

File Upload Rotaban
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy