{"cve":{"cve_id":"CVE-2026-1358","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.01207,"epss_percentile":0.64385,"epss_as_of":"2026-06-23","description":"Airleader Master versions 6.381 and prior allow for file uploads without\n restriction to multiple webpages running maximum privileges. This could\n allow an unauthenticated user to potentially obtain remote code \nexecution on the server.","published_at":"2026-02-12T21:24:53.070000Z","last_modified_at":null,"cvss_v3_score":9.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":9.3,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","cvss_v4_severity":"CRITICAL","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-434"],"nvd_references":["https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-10","https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-10.json","https://airleader.us/contact/","https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-044.txt"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:28:58.914564Z"},"effective_severity":"CRITICAL","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"H","value_label":"High"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"airleader-gmbh","vendor_name":"Airleader GmbH","product_slug":"airleader-master","product_name":"Airleader Master","version_start":"0","version_start_inclusive":true,"version_end":"6.381","version_end_inclusive":true,"cpe23_uri":"cve5:airleader-gmbh:airleader-master:0:6.381"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-10","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-10.json","source_type":"MISC","tags":[]},{"url":"https://airleader.us/contact/","source_type":"MISC","tags":[]},{"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-044.txt","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2026-02-12T21:24:53.070000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:50:44.924477Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:44.924477Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:44.924477Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:44.924477Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:44.924477Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:44.924477Z","label":"CVSS score revised","source":"cvelistv5"}]}