CVE-2026-7490

HIGH CVSS 7.2 View on NVD ↗

Description

CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

https://www.twcert.org.tw/en/cp-139-10895-25ca1-2.html
https://www.twcert.org.tw/tw/cp-132-10894-1ac1f-1.html

Published: May 02, 2026 10:16 UTC Modified: May 02, 2026 10:16 UTC