CVE-2026-2684

Name of the Vulnerable Software and Affected Versions Tsinghua Unigroup Electronic Archives System versions prior to 3.2.210802(62532)

Description A flaw exists in Tsinghua Unigroup Electronic Archives System that allows for unrestricted file uploads. This occurs due to a manipulation of the File argument within an unknown function of the /Archive/ErecordManage/uploadFile.html file. The attack can be initiated remotely. The exploit for this issue has been publicly disclosed. The vendor was informed of this disclosure but did not provide a response.

Recommendations Versions prior to 3.2.210802(62532) should be updated. As a temporary workaround, restrict access to the /Archive/ErecordManage/uploadFile.html file to minimize the risk of exploitation.