CVE-2026-33273

MEDIUM CVSS 4.7 View on NVD ↗

Description

Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbitrary file may be created by an administrator of the product. As a result, arbitrary code may be executed on the server.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

References

https://jvn.jp/en/jp/JVN33581068/
https://oss.icz.co.jp/news/?p=1386

Published: Apr 08, 2026 06:16 UTC Modified: Apr 08, 2026 21:26 UTC