CVE-2026-28673 in xiaoheiFS情報

要約

〜によって MITRE • 2026年03月18日

xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the standard plugin system allows admins to upload a ZIP file containing a binary and a `manifest.json`. The server trusts the `binaries` field in the manifest and executes the specified file without any validation of its contents or behavior, leading to Remote Code Execution (RCE). Version 0.4.0 fixes the issue.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

GitHub M

予約する

2026年03月02日

公開

2026年03月18日

モデレーション

承諾済み

エントリ

VDB-351407

CPE

準備完了

CWE

CWE-78 (確認済み)

CVSS

7.2 (CNA)

EPSS

0.00514

KEV

いいえ

アクティビティ

非常低い

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-28673
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-28673
CVE Details	https://www.cvedetails.com/cve/CVE-2026-28673/

◂ 前概要次 ▸

Want to know what is going to be exploited?

We predict KEV entries!