CVE-2026-1358 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: February 13, 2026
Airleader Master - Unrestricted File Upload
Overview
Airleader Master <= 6.381 contains an unrestricted file upload vulnerability in multiple webpages running with maximum privileges, letting unauthenticated attackers achieve remote code execution.
Severity & Score
Impact
Unauthenticated attackers can upload files to execute arbitrary code remotely, potentially compromising the entire server.
Mitigation
Update to the latest version beyond 6.381.
References
Social Media Activity(1 post)
Critical RCE Vulnerability in Airleader Master Industrial Monitoring Systems Airleader GmbH patched a critical unauthenticated remote code execution vulnerability (CVE-2026-1358) in its Airleader Master platform that could allow attackers to upload arbitrary files and take control of the system. **Make sure your Airleader Master is isolated from the internet and accessible only from trusted networks. Then plan a very quick update to version 6.386. If you have isolated the equipment you have a bit of breathing room, but don't forget to patch. Any isolation will be breached given enough time.** #cybersecurity #infosec #advisory #vulnerability https://beyondmachines.net/event_details/critical-rce-vulnerability-in-airleader-master-industrial-monitoring-systems-s-8-1-5-f/gD2P6Ple2L
View original postRelated Resources
Details
- CVE ID
- CVE-2026-1358
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- unrestricted_file_upload
- Status
- unconfirmed
- EPSS
- 13.4%
- Social Posts
- 1
CWE
- CWE-434
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H