CVE 8.6 HIGH

Sunnet｜CTMS and CPAS – Arbitrary File Upload_CVE-2026-7490

May 2, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

AI Analysis

Arbitrary File Upload vulnerability allowing remote attackers to upload and execute web shell backdoors, enabling arbitrary code execution on the server.

Basic Information

ID CVE-2026-7490

Source twcert

Published May 2, 2026 at 09:06

Affected Product

Vendor Sunnet

Product CTMS and CPAS

Affected Versions Sunnet CTMS 0
Sunnet CPAS 0

CWE Classification

CWE-434

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Sunnet

Product CTMS and CPAS

References

{
    "lastseen": "",
    "description": "CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.",
    "published": "2026-05-02T09:06:25.153Z",
    "modified": "2026-05-02T09:06:25.153Z",
    "type": "cve",
    "title": "Sunnet\uff5cCTMS and CPAS - Arbitrary File Upload",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10894-1ac1f-1.html\nhttps://www.twcert.org.tw/en/cp-139-10895-25ca1-2.html",
    "id": "CVE-2026-7490",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Sunnet CTMS 0\nSunnet CPAS 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CTMS and CPAS",
    "version": "0",
    "vendor": "Sunnet",
    "ai_description": "Arbitrary File Upload vulnerability allowing remote attackers to upload and execute web shell backdoors, enabling arbitrary code execution on the server.",
    "ai_severity": "High",
    "ai_vendor": "Sunnet",
    "ai_product": "CTMS and CPAS",
    "ai_version": "0",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply