Security Advisory

CVE-2026-25099

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-27 11:55:23

Last updated 2026-03-27 12:42:38

Assigner CERT-PL

State PUBLISHED

Description

Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution. This issue was fixed in 3.18.4.

← Browse all CVEs View on cve.org ↗