Airleader Master Unrestricted Upload of File with Dangerous Type

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Airleader Master versions 6.381 and prior allow for file uploads without
restriction to multiple webpages running maximum privileges. This could
allow an unauthenticated user to potentially obtain remote code
execution on the server.

AI Analysis

Unrestricted file upload vulnerability allowing remote code execution

Basic Information

ID CVE-2026-1358

Source icscert

Published Feb 12, 2026 at 21:24

Affected Product

Vendor Airleader GmbH

Product Airleader Master

Affected Versions Airleader GmbH Airleader Master 0

CWE Classification

CWE-434

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Airleader GmbH

Product Airleader Master

Version 6.381 and prior

References

{
    "lastseen": "",
    "description": "Airleader Master versions 6.381 and prior allow for file uploads without\n restriction to multiple webpages running maximum privileges. This could\n allow an unauthenticated user to potentially obtain remote code \nexecution on the server.",
    "published": "2026-02-12T21:24:53.070Z",
    "modified": "2026-02-12T21:24:53.070Z",
    "type": "cve",
    "title": "Airleader Master Unrestricted Upload of File with Dangerous Type",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-10\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-10.json",
    "id": "CVE-2026-1358",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Airleader GmbH Airleader Master 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Airleader Master",
    "version": "0",
    "vendor": "Airleader GmbH",
    "ai_description": "Unrestricted file upload vulnerability allowing remote code execution",
    "ai_severity": "Critical",
    "ai_vendor": "Airleader GmbH",
    "ai_product": "Airleader Master",
    "ai_version": "6.381 and prior",
    "ai_score": 9.8
}

Airleader Master Unrestricted Upload of File with Dangerous Type_CVE-2026-1358