PT-2026-25620 · Tiandy · Easy7 Integrated Management Platform

Published 2026-03-16 · Updated 2026-03-16 · CVE-2026-4221

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Tiandy Easy7 Integrated Management Platform version 7.17.0

Description: A flaw exists within the Tiandy Easy7 Integrated Management Platform that allows for unrestricted file uploads. This issue affects the /rest/file/uploadLedImage endpoint of the Endpoint component. The File parameter can be manipulated to achieve this unrestricted upload, and the attack can be initiated remotely. The exploit for this issue has been publicly released.

Recommendations: Tiandy Easy7 Integrated Management Platform version 7.17.0: Address the unrestricted upload issue in the /rest/file/uploadLedImage endpoint by validating the File parameter.

Exploit

Fix

Unrestricted File Upload

Improper Access Control

Weakness Enumeration

Related identifiers

CVE-2026-4221

Affected products

Easy7 Integrated Management Platform