CVE-2026-40040

Name of the Vulnerable Software and Affected Versions Pachno version 1.0.6

Description An unrestricted file upload issue allows authenticated users to bypass ineffective extension filtering at the '/uploadfile' endpoint. This enables the upload of arbitrary file types, such as .php5 scripts, to web-accessible directories, which can be executed to achieve remote code execution on the server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.