CVE-2026-6257 - Vulnerability Analysis
Critical | CVSS: 9.1 | Last Updated: April 20, 2026
Vvveb CMS - Remote Code Execution
Overview
Vvveb CMS v1.0.8 contains a remote code execution vulnerability caused by a missing return statement in the file rename handler of its media management functionality. Because the handler does not stop after detecting a blocked extension, authenticated attackers can rename files to .php or .htaccess and execute arbitrary OS commands.
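The flaw class described in the overview, a validation branch that records an error but does not return, is shown here beside its corrected form. This is an added illustration, not Vvveb CMS source code; the function names, blocked-extension list and file names are assumptions made for the example.

```php
<?php
// Constructed illustration of the flaw class; NOT Vvveb CMS source code.
// BLOCKED, isBlocked, renameVulnerable and renameFixed are hypothetical names.
const BLOCKED = ['php', 'htaccess'];

function isBlocked(string $name): bool
{
    $base = strtolower(basename($name));
    $ext  = pathinfo($base, PATHINFO_EXTENSION);
    return $base === '.htaccess' || in_array($ext, BLOCKED, true);
}

// Flawed shape: the check runs and records an error, then falls through.
function renameVulnerable(string $dir, string $old, string $new): array
{
    $result = ['success' => true, 'message' => 'renamed'];
    if (isBlocked($new)) {
        $result = ['success' => false, 'message' => 'extension not allowed'];
        // Missing "return $result;" here, so rename() below still executes.
    }
    rename($dir . '/' . basename($old), $dir . '/' . basename($new));
    return $result;
}

// Corrected shape: reject before any filesystem change is made.
function renameFixed(string $dir, string $old, string $new): array
{
    if (isBlocked($new)) {
        return ['success' => false, 'message' => 'extension not allowed'];
    }
    $ok = rename($dir . '/' . basename($old), $dir . '/' . basename($new));
    return ['success' => $ok, 'message' => $ok ? 'renamed' : 'rename failed'];
}

// Constructed sample files in a throwaway temp directory.
$dir = sys_get_temp_dir() . '/rename_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/a.txt", 'constructed sample');
file_put_contents("$dir/b.txt", 'constructed sample');

$v = renameVulnerable($dir, 'a.txt', 'a.php');
$f = renameFixed($dir, 'b.txt', 'b.php');
// Compare what each handler reported with what is actually on disk.
printf("vulnerable: reported=%s a.php on disk=%s\n",
    var_export($v['success'], true), var_export(file_exists("$dir/a.php"), true));
printf("fixed:      reported=%s b.php on disk=%s\n",
    var_export($f['success'], true), var_export(file_exists("$dir/b.php"), true));
array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

A regression test for this class of bug has to assert on the filesystem state, not only on the handler's response, because the flawed handler reports the rejection correctly while still performing the rename.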
Severity & Score
Impact
Authenticated attackers can execute arbitrary operating system commands as the www-data user, leading to full server compromise.
Mitigation
Update to the latest version of Vvveb CMS.
References
Social Media Activity (2 posts)
CVE-2026-6257 - Critical (9.1) Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htacces... https://www.thehackerwire.com/vulnerability/CVE-2026-6257/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-6257
- Severity: Critical
- CVSS Score: 9.1
- Type: remote_code_execution
- Status: new
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-434
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H