EUVD-2026-16577

ID: EUVD-2026-16577

Severity: high

CVSS v4: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution. This issue was fixed in 3.18.4.

Timestamps

Normalized: 2026-03-27T13:03:12Z UTC
Last updated: 2026-03-27T13:03:12Z UTC

References

No references provided.

VulnAI

EUVD-2026-16577

Description

Timestamps

References