Arbitrary File Upload Vulnerability in a+HCM by aEnrich
CVE-2026-6835

5.1MEDIUM

Key Information:

Vendor: Aenrich
Status: A+hcm
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-6835?

The a+HCM application by aEnrich contains an Arbitrary File Upload vulnerability that enables unauthenticated remote attackers to upload files to any location on the server, including potentially dangerous HTML documents. This vulnerability poses a significant risk as it may facilitate cross-site scripting (XSS) attacks, leading to unauthorized actions or data breaches. Organizations using this software should take immediate steps to apply the necessary security updates to mitigate this threat.

Affected Version(s)

a+HCM 0 <= 8.1

References

https://www.twcert.org.tw/tw/cp-132-10835-cb0c2-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10836-ed15f-2.html

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Apr 22, 2026

CVE-2026-6835 Data

JSON

Aenrich

What is CVE-2026-6835?

Affected Version(s)

References

CVSS V4

Timeline