PT-2026-7908 · Unknown · Airleader Master

Angel Lomeli · Published 2026-02-12 · Updated 2026-03-03 · CVE-2026-1358

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Airleader Master versions 6.381 and prior

Description

Airleader Master versions 6.381 and prior have a flaw allowing unrestricted file uploads to multiple webpages running with maximum privileges. This could allow an unauthenticated user to achieve remote code execution on the server. This issue affects industrial systems, particularly those managing compressed air, and poses a high risk to critical infrastructure sectors. Multiple reports indicate the potential for exploitation, with some sources describing a trivial path to remote root access.

Recommendations

Apply vendor fixes or mitigations for versions prior to and including 6.381.
Restrict remote access to the controller interfaces for versions prior to and including 6.381.
Segment networks to limit the potential impact of exploitation for versions prior to and including 6.381.

Fix

RCE

Unrestricted File Upload


Weakness Enumeration

Related identifiers

CVE-2026-1358

Affected products

Airleader Master