CVE-2026-10806EPSS p11.1%

CVE-2026-10806CVE-2026-10806

Description

A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_file_to_post results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.

Scoring

CVSS 6.3 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS0.21% probability of exploitation · percentile 11.1% · 2026-06-18T12:00:27Z
Last modified2026-06-04

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-10807
CVE
CVE-2026-0566
CVE
CVE-2025-12181
CVE
CVE-2026-1423
CVE
CVE-2026-10558
CVE
CVE-2026-2133
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.