Vulnerabilities

CVE-2026-25099

by Fred · 27/03/2026

Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution.

This issue was fixed in 3.18.4.

More information : https://cert.pl/posts/2026/03/CVE-2026-25099

Similar

Tags: Cybersecurity Alert