PT-2026-28717 · Unknown · Z-9527 Admin

Vuldb · Published 2026-03-28 · Updated 2026-03-29 · CVE-2026-4999

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

z-9527 admin versions prior to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2

Description

A security issue has been identified in z-9527 admin. The issue resides within the uploadFile function located in the /server/utils/upload.js file, specifically within the isImg Check component. Manipulation of the fileType argument can lead to a path traversal condition. Remote exploitation is possible. The exploit has been publicly disclosed.

Recommendations

Update z-9527 admin to version 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2 or later. As a temporary workaround, restrict access to the uploadFile function in the /server/utils/upload.js file. Avoid using the fileType parameter in the uploadFile function until the issue is resolved.
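One way to validate a fileType value before it reaches the filesystem, as an added example that is not code from z-9527 admin or from this advisory. It assumes fileType selects a directory under an upload root, which the page does not show; UPLOAD_ROOT, ALLOWED_TYPES, resolveUploadTarget and isRejected are hypothetical names.

```javascript
'use strict';
const path = require('node:path');

// Hypothetical names and values: none of these come from z-9527 admin.
const UPLOAD_ROOT = path.resolve('/srv/app/uploads'); // constructed sample root
const ALLOWED_TYPES = new Set(['image', 'file']);     // assumed fileType values

function resolveUploadTarget(fileType, originalName) {
  // 1. Allowlist: fileType must be one of a fixed set of directory names,
  //    so a value containing separators or ".." never reaches a path join.
  if (typeof fileType !== 'string' || !ALLOWED_TYPES.has(fileType)) {
    throw new Error('rejected fileType');
  }
  // 2. Keep only the final component of the client-supplied file name
  //    (backslashes are normalised first so Windows-style input is covered).
  const name = path.basename(String(originalName).replace(/\\/g, '/'));
  if (name === '' || name === '.' || name === '..' || name.includes('\0')) {
    throw new Error('rejected file name');
  }
  // 3. Defence in depth: resolve the final path and confirm it is still
  //    strictly inside the upload root.
  const target = path.resolve(UPLOAD_ROOT, fileType, name);
  const rel = path.relative(UPLOAD_ROOT, target);
  if (rel === '' || rel === '..' || rel.startsWith('..' + path.sep) ||
      path.isAbsolute(rel)) {
    throw new Error('path escapes upload root');
  }
  return target;
}

// Returns true when the input is rejected, false when it is accepted.
function isRejected(fileType, originalName) {
  try {
    resolveUploadTarget(fileType, originalName);
    return false;
  } catch (e) {
    return true;
  }
}
```

The allowlist in step 1 is the primary control; the containment check in step 3 catches mistakes if the allowlist is later widened.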

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-4999

Affected Products

Z-9527 Admin