CVE-2026-40040 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: April 13, 2026
Pachno - Unrestricted File Upload
Overview
Pachno 1.0.6 contains an unrestricted file upload vulnerability caused by ineffective extension filtering in the /uploadfile endpoint, which lets authenticated users upload and execute arbitrary files. Exploitation requires authentication.
Severity & Score
Impact
Authenticated attackers can upload and execute arbitrary files, leading to remote code execution on the server.
Mitigation
Update to the latest version with fixed extension filtering.
References
Social Media Activity (2 posts)
CVE-2026-40040 - High (8.8) Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extension filtering to the /uploadfile endpoint. Attackers can upload executable files .php5 sc... https://www.thehackerwire.com/vulnerability/CVE-2026-40040/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-40040
- Severity: High
- CVSS Score: 8.8
- Type: unrestricted_file_upload
- Status: new
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-434
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H