PT-2026-28339 · Bludit · Bludit

Author: Arkadiusz Marta

Published: 2026-03-27

Updated: 2026-03-27

CVE-2026-25099

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Bludit versions prior to 3.18.4

Description: The API plugin in Bludit allows a user holding a valid API token to upload files of any type and extension without restriction. The API upload endpoint does not properly validate the uploaded file's type or extension, so an attacker who has such a token can upload and execute malicious files; successful exploitation can therefore lead to Remote Code Execution. The vulnerable parameter is the file itself, uploaded through the API.

Recommendations: Update to version 3.18.4 or later.
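As an added illustration (not Bludit's code), the weak acceptance rule the description refers to is shown beside a hardened one: the client-supplied name and extension are never trusted, only allowlisted extensions whose leading bytes match the claimed type are stored, and the file lands on disk under a server-chosen name. The allowlist and the function names are constructed for this example.

```python
import os
import secrets
from typing import Optional

# Allowlist of extensions the endpoint is meant to serve, each paired with
# the leading bytes ("magic") a file of that type must start with.
# Constructed for this example; a deployment chooses its own list.
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}


def accept_unrestricted(filename: str, data: bytes) -> str:
    """Weak behaviour: whatever name and extension the client sends is
    what gets stored, so a server-side script extension goes straight
    to the web root."""
    return os.path.basename(filename)


def accept_validated(filename: str, data: bytes) -> Optional[str]:
    """Hardened behaviour: allowlisted extension, content that matches
    that extension, and a server-generated file name.
    Returns the name to store under, or None to reject the upload."""
    base = os.path.basename(filename)  # strip any directory components
    # Only the final extension counts; "x.php.png" must still carry PNG
    # bytes, and the client's name never reaches disk anyway.
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED:
        return None
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        return None
    # Random server-chosen name with the validated extension appended.
    return f"{secrets.token_hex(8)}.{ext}"
```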

Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2026-25099

Affected Products: Bludit