CVE-2025-26358

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier

Description: The issue is related to improper input validation, allowing an authenticated remote attacker to modify system configuration via crafted HTTP requests. This can be achieved by sending manipulated requests to the system.

Recommendations: For Q-Free MaxTime versions 2.11.0 and earlier, update to a version later than 2.11.0 to resolve the issue. As a temporary workaround, consider restricting access to the ldbMT.so module to minimize the risk of exploitation. Avoid using crafted HTTP requests to the affected system until the issue is resolved.