LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-27067

CVE-2026-27067 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 19, 2026

Syarif Mobile App Editor - Unrestricted File Upload

Published: March 19, 2026Updated: March 19, 2026Remote Exploitable

Overview

Syarif Mobile App Editor <= 1.3.1 contains an unrestricted file upload vulnerability caused by lack of proper file type validation, letting attackers upload web shells to the server, exploit requires no special privileges.

Severity & Score

Severity: Critical
CVSS Score: 9.1
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Attackers can upload malicious web shells, leading to remote code execution and full server compromise.

Mitigation

Update to the latest version.

References

Social Media Activity(4 posts)

Offensive Sequence
Offensive Sequence
@offseq
Mar 19, 2026

šŸšØ CRITICAL (CVSS 9.1): Syarif Mobile App Editor ā‰¤1.3.1 hit by CWE-434 unrestricted file upload (CVE-2026-27067). Allows web shell deployment & full compromise. Enforce strict validation, monitor uploads, patch ASAP! https://radar.offseq.com/threat/cve-2026-27067-cwe-434-unrestricted-upload-of-file-001b9b9d #OffSeq #CVE202627067 #Infosec

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 19, 2026

šŸ”“ CVE-2026-27067 - Critical (9.1) Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor allows Upload a Web Shell to a Web Server.This issue affects Mobile App Editor: from n/a through 1.3.1. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-27067/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
Offensive Sequence
Offensive Sequence
@offseq
Mar 19, 2026

šŸšØ CRITICAL (CVSS 9.1): Syarif Mobile App Editor ā‰¤1.3.1 hit by CWE-434 unrestricted file upload (CVE-2026-27067). Allows web shell deployment & full compromise. Enforce strict validation, monitor uploads, patch ASAP! https://radar.offseq.com/threat/cve-2026-27067-cwe-434-unrestricted-upload-of-file-001b9b9d #OffSeq #CVE202627067 #Infosec

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 19, 2026

šŸ”“ CVE-2026-27067 - Critical (9.1) Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor allows Upload a Web Shell to a Web Server.This issue affects Mobile App Editor: from n/a through 1.3.1. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-27067/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-27067
Severity
Critical
CVSS Score
9.1
Type
unrestricted_file_upload
Status
new
EPSS
0.0%
Social Posts
4

CWE

  • CWE-434

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days