CVE-2026-25099 in Bluditinformación

Resumen (Inglés)

Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution.

This issue was fixed in 3.18.4.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsable

CERT-PL

Reservar

2026-01-29

Divulgación

2026-03-27

Estado

Confirmado

Voces

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerabilidad	CWE	Exp	Con	CVE
353869	Bludit escalada de privilegios	434	No está definido	Arreglo oficial	CVE-2026-25099

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

Fuentes

MITRE
NVD
CVE Details

◂ AnteriorVisión De ConjuntoPróximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!