CVE-2025-26349

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions less than or equal to 2.11.0

Description: A Relative Path Traversal issue in the file upload mechanism allows an authenticated remote attacker to overwrite arbitrary files via crafted HTTP requests. This issue affects Q-Free MaxTime, enabling attackers to manipulate the system by sending specifically designed requests.

Recommendations: For Q-Free MaxTime versions less than or equal to 2.11.0, consider restricting access to the file upload mechanism until a patch is available. As a temporary workaround, limit the ability to upload files to only necessary users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.