Sitecore · Sitecore Xp/Xm · CVE-2023-26262
**Name of the Vulnerable Software and Affected Versions**
Sitecore XP/XM version 10.3
**Description**
An issue exists where an authenticated Sitecore user can upload language files without restrictions, leading to direct code execution on the content management server.
**Recommendations**
For Sitecore XP/XM version 10.3, consider restricting language file uploads to prevent direct code execution until a patch is available.