CVE-2026-33273

CVSS v3.1

4.7

Medium

AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbitrary file may be created by an administrator of the product. As a result, arbitrary code may be executed on the server.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2026-33273

Affected Products

Matcha Invoice

CVE-2026-33273

Weakness Enumeration

Related Identifiers

Affected Products

References · 3