CVE-2026-1126

Name of the Vulnerable Software and Affected Versions lwj Flow (affected versions not specified)

Description A security issue exists in lwj Flow related to unrestricted file uploads. The uploadFile function within the SVG File Handler component, located in the file flow-masterflow-front-restsrcmainjavacomdragonflowwebresourceflowFormResource.java, is susceptible to manipulation through the File argument. This allows for unrestricted upload capabilities and can be exploited remotely. The exploit has been publicly disclosed. The product uses a continuous delivery model, making specific version details unavailable. The project maintainers were notified of the issue but have not yet responded.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.