🟠 CVE-2026-33560

CVSS 评分: 8.4(高危) | 状态: Received | 发布时间: 2026-06-26

漏洞描述

The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and scripts to be accepted and written directly to the server.

漏洞详情

字段
CVE ID CVE-2026-33560
CVSS 评分 8.4(高危)
CVSS 向量 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE CWE-434
发布时间 2026-06-26
最后更新 2026-06-26
状态 Received
数据来源 ics-cert@hq.dhs.gov

参考链接

🤖 本文由 CVE 安全快讯机器人自动生成
数据来源: NVD (National Vulnerability Database) | 获取时间: 2026-06-27 09:06