CVE-2024-55956CISA KEVEPSS p99.8%

CVE-2024-55956Cleo Multiple Products Unauthenticated File Upload Vulnerability

Cleo / Multiple Products

Description

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.

Scoring

EPSS93.80% probability of exploitation · percentile 99.8% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2024-12-17

(incoming)1

TypeTargetConfidenceTier
KEVEntryCleo Multiple Products Unauthenticated File Upload Vulnerabilitykev-cve-2024-559560%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Cleo Multiple Products Unrestricted File Upload Vulnerability
CVE
CVE-2025-54757
CVE
Advantive VeraCore Unrestricted File Upload Vulnerability
CVE
CVE-2025-59818
CVE
WSO2 Multiple Products Unrestrictive Upload of File Vulnerability
CVE
CVE-2026-21628
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.