CVE-2026-9157

HIGH

Remote Code Execution in Gmission Web FAX

Title source: cna

Description

Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1.

References (1)

Core 1

Core References

https://www.gmission.co.kr/fax1

Scores

CVSS v3 8.4

EPSS 0.0012

EPSS Percentile 2.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-20 CWE-434

Status published

Products (1)

Gmission/Web Fax 3.0 - 3.1

Published May 21, 2026

Tracked Since May 21, 2026