LeakyCreds

CVE-2026-25099 - Vulnerability Analysis

Last Updated: March 27, 2026

Bludit API plugin - Remote Code Execution

Published: March 27, 2026 | Updated: March 27, 2026 | PoC Available

Overview

Bludit API plugin before 3.18.4 contains an unrestricted file upload vulnerability caused by a lack of file type validation. It lets authenticated attackers with valid API tokens upload and execute arbitrary files. Exploitation requires a valid API token.

Severity & Score

Severity: N/a

Impact

Authenticated attackers can upload and execute arbitrary files, leading to remote code execution and full system compromise.

Mitigation

Update to version 3.18.4 or later.

Details

CVE ID: CVE-2026-25099
Severity: N/a
Type: unrestricted_file_upload
Status: new

CWE

  • CWE-434

CVSS Metrics

N/A