Unrestricted File Upload Vulnerability in Ruijie RG-UAC
CVE-2026-14736
6.9MEDIUM
Key Information:
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2026-14736?
A vulnerability exists in Ruijie RG-UAC versions up to 1.0-R1.8.2.p5, specifically within the 'user_auth_commit.php' file. This flaw allows attackers to manipulate the 'upload_image' argument, enabling unrestricted file uploads. Since the issue can be exploited remotely, it poses a significant security threat. Users and administrators should be aware of this public exploit and take appropriate measures to mitigate the risks associated.
Affected Version(s)
RG-UAC 1.0-R1.8.2.p5
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
bigbrother_man (VulDB User)
