Skip to main content

Web Fax

2 CVEs product

Monthly

CVE-2026-9157 HIGH PATCH This Week

Unrestricted file upload in Gmission Web Fax versions 3.0 up to (but not including) 3.1 allows attackers to upload files of dangerous types and trigger remote code inclusion, leading to full confidentiality, integrity, and availability impact on the host. The flaw was reported by FSI and a vendor patch is available, though no public exploit code has been identified at time of analysis. Note that the CVSS 4.0 vector advertises a local attack vector (AV:L) which conflicts with the description's 'Remote Code Inclusion' wording - this discrepancy should be verified.

File Upload Web Fax
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-15070 MEDIUM This Month

Sensitive information disclosure in Gmission Web Fax 3.0 (before 3.0.1) enables a locally authenticated low-privileged user to access protected fax data without proper authorization. The root cause is missing authorization checks (CWE-200) that can be abused by an authenticated local actor to read confidential information beyond their intended access scope. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Information Disclosure Web Fax
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Unrestricted file upload in Gmission Web Fax versions 3.0 up to (but not including) 3.1 allows attackers to upload files of dangerous types and trigger remote code inclusion, leading to full confidentiality, integrity, and availability impact on the host. The flaw was reported by FSI and a vendor patch is available, though no public exploit code has been identified at time of analysis. Note that the CVSS 4.0 vector advertises a local attack vector (AV:L) which conflicts with the description's 'Remote Code Inclusion' wording - this discrepancy should be verified.

File Upload Web Fax
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Sensitive information disclosure in Gmission Web Fax 3.0 (before 3.0.1) enables a locally authenticated low-privileged user to access protected fax data without proper authorization. The root cause is missing authorization checks (CWE-200) that can be abused by an authenticated local actor to read confidential information beyond their intended access scope. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Information Disclosure Web Fax
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy