Search criteria
1 vulnerability by Airleader GmbH
CVE-2026-1358 (GCVE-0-2026-1358)
Vulnerability from cvelistv5 – Published: 2026-02-12 21:24 – Updated: 2026-02-17 18:03
VLAI?
Title
Airleader Master Unrestricted Upload of File with Dangerous Type
Summary
Airleader Master versions 6.381 and prior allow for file uploads without
restriction to multiple webpages running maximum privileges. This could
allow an unauthenticated user to potentially obtain remote code
execution on the server.
Severity ?
9.8 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Airleader GmbH | Airleader Master |
Affected:
0 , ≤ 6.381
(custom)
|
Credits
Angel Lomeli of SySS reported this vulnerability to CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T16:27:21.432617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T16:27:30.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Airleader Master",
"vendor": "Airleader GmbH",
"versions": [
{
"lessThanOrEqual": "6.381",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Angel Lomeli of SySS reported this vulnerability to CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Airleader Master versions 6.381 and prior allow for file uploads without\n restriction to multiple webpages running maximum privileges. This could\n allow an unauthenticated user to potentially obtain remote code \nexecution on the server."
}
],
"value": "Airleader Master versions 6.381 and prior allow for file uploads without\n restriction to multiple webpages running maximum privileges. This could\n allow an unauthenticated user to potentially obtain remote code \nexecution on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T18:03:38.837Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-10"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-10.json"
},
{
"url": "https://airleader.us/contact/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\nAirleader recommends that users upgrade Airleader Master to version 6.386 or later.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\nUsers of Airleader Master are encouraged to reach out to Airleader via \nemail (info@airleader.us)\u0026nbsp;or submit a web form (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://airleader.us/contact/\"\u003ehttps://airleader.us/contact/\u003c/a\u003e) for more information and mitigation \nassistance.\n\n\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Airleader recommends that users upgrade Airleader Master to version 6.386 or later.\n\n\n\n\n\nUsers of Airleader Master are encouraged to reach out to Airleader via \nemail (info@airleader.us)\u00a0or submit a web form ( https://airleader.us/contact/ ) for more information and mitigation \nassistance."
}
],
"source": {
"advisory": "ICSA-26-043-10",
"discovery": "EXTERNAL"
},
"title": "Airleader Master Unrestricted Upload of File with Dangerous Type",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-1358",
"datePublished": "2026-02-12T21:24:53.070Z",
"dateReserved": "2026-01-22T20:21:20.996Z",
"dateUpdated": "2026-02-17T18:03:38.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}