CVE-2026-4201
HIGHglowxq glowxq-oj SysFileController.java upload unrestricted upload
Title source: cnaDescription
A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
Scores
CVSS v3
7.3
EPSS
0.0005
EPSS Percentile
16.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-284
CWE-434
Status
published
Products (1)
glowxq/glowxq-oj
6f7c723090472057252040fd2bbbdaa1b5ed2393
Published
Mar 16, 2026
Tracked Since
Mar 16, 2026