File Write Vulnerability in Web Server and Endpoint Management by Vendor
CVE-2026-22102
9.3CRITICAL
What is CVE-2026-22102?
A vulnerability exists in the web server endpoint that allows an attacker to use a POST request to write files to arbitrary locations. The issue arises because the filename parameter within the Content-Disposition header is not properly validated, enabling potential denial of service by overwriting essential system files or facilitating remote code execution through the manipulation of executable scripts. This poses significant risks to system integrity and confidentiality, making it imperative for organizations to apply appropriate security measures.
Affected Version(s)
DC-80 0 < 1.5.1
References
CVSS V4
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Wilco van Beijnum (ElaadNL)
Jeroen van der Ham-de Vos (DIVD)
