CVE-2026-7673 in crmeb_javainformation

Résumé

par MITRE • 03/05/2026

A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. Performing a manipulation of the argument model results in unrestricted upload. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

VulDB

Divulgation

03/05/2026

Modérer

accepté

Entrée

VDB-360826

CPE

prêt

CWE

CWE-434 (confirmé)

Exploitation

Télécharger

CVSS

4.7 (VulDB)

EPSS

0.00043

KEV

non

Activités

très faible

Secteur

Finance, Pharma, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7673
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7673
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7673/

◂ Précédent Aperçu Suivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!