CVE-2026-4536

HIGH

Acrel Environmental Monitoring Cloud Platform unrestricted upload

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-4536. PoCs published by LTX-GOD.

AI-analyzed exploit summary: This is a detailed technical analysis of CVE-2026-4536, an unauthorized file upload vulnerability in Acrel Environmental Electricity Supervision Cloud Platform. It includes root cause analysis, vulnerable code snippets, and proof of concept test results.

Description

A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

github WRITEUP 2 stars
by LTX-GOD · poc
https://github.com/LTX-GOD/Mycve/tree/main/Acrel_Co_Ltd-CVE-2026-4536.md

Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Acrel Environmental Electricity Supervision Cloud Platform
No auth needed
Prerequisites: network access to vulnerable endpoints
devstral-2 · analyzed Apr 09, 2026

References (4)

Core References
VDB Entry: VDB-352324 | Acrel Environmental Monitoring Cloud Platform unrestricted upload
https://vuldb.com/?id.352324
Signature, Permissions Required: VDB-352324 | CTI Indicators (IOB, IOC, TTP)
https://vuldb.com/?ctiid.352324
Third Party Advisory: Submit #774423 | Acrel Co., Ltd 安科瑞环保用电监管云平台 1.1.0 Unauthorized File Upload Vulnerability
https://vuldb.com/?submit.774423

Scores

CVSS v3 7.3
EPSS 0.0028
EPSS Percentile 19.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-284, CWE-434
Status published
Products (1) Acrel/Environmental Monitoring Cloud Platform 1.1.0
Published Mar 22, 2026
Tracked Since Mar 22, 2026