CVE-2026-7673

Name of the Vulnerable Software and Affected Versions crmeb java versions prior to 1.3.5

Description An unrestricted file upload issue exists within the Admin Upload component, specifically affecting the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java. Manipulation of the model argument allows for remote exploitation, enabling an attacker to upload files without proper restrictions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.