CVE-2026-25099 - Vulnerability Analysis
Last Updated: March 30, 2026
Bludit API plugin - Remote Code Execution
Published: March 27, 2026
Updated: March 30, 2026
PoC Available
Overview
Bludit API plugin before 3.18.4 contains an unrestricted file upload vulnerability caused by a lack of file type validation. It lets authenticated attackers upload and execute arbitrary files. Exploitation requires a valid API token.
Severity & Score
Severity: N/a
Impact
Authenticated attackers can upload and execute arbitrary files, leading to remote code execution and full system compromise.
Mitigation
Update to version 3.18.4 or later.
Details
- CVE ID: CVE-2026-25099
- Severity: N/a
- Type: unrestricted_file_upload
- Status: unconfirmed
CWE
- CWE-434
CVSS Metrics
N/A