CVE-2026-4536

HIGH

Acrel Environmental Monitoring Cloud Platform unrestricted upload

Title source: cna

Description

A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

github WRITEUP 2 stars

by LTX-GOD · poc

https://github.com/LTX-GOD/Mycve/tree/main/Acrel_Co_Ltd-CVE-2026-4536.md

View Code ZIP pw:eip

References (4)

[Vdb Entry] https://vuldb.com/?id.352324

[Signature, Permissions Required] https://vuldb.com/?ctiid.352324

[Third Party Advisory] https://vuldb.com/?submit.774423

[Exploit] https://github.com/LTX-GOD/Mycve/blob/main/Acrel_Co_Ltd.md

Scores

CVSS v3 7.3

EPSS 0.0005

EPSS Percentile 16.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-284 CWE-434

Status published

Products (1)

Acrel/Environmental Monitoring Cloud Platform 1.1.0

Published Mar 22, 2026

Tracked Since Mar 22, 2026