CVE-2026-1126 | lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641 SVG File FormResource.java uploadFile unrestricted upload (IDIQSE)

A vulnerability was found in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. It has been classified as critical. This affects the function uploadFile of the file flow-masterflow-front-restsrcmainjavacomdragonflowwebresourceflowFormResource.java of the component SVG File Handler. The manipulation of the argument File leads to unrestricted upload.

This vulnerability is uniquely identified as CVE-2026-1126. The attack is possible to be carried out remotely. Moreover, an exploit is present.

This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-1126 | lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641 SVG File FormResource.java uploadFile unrestricted upload (IDIQSE)

Post correlati

CVE-2024-36176 | Adobe Experience Manager up to 6.5.20 cross site scripting (apsb24-28)

CVE-2024-20437 | Cisco IOS XE up to 17.12.1y Web UI cross-site request forgery (cisco-sa-webui-csrf-ycUYxkKO)

CVE-2025-12744 | ABRT up to 2.17.6 os command injection

CVE-2025-0318 | Ultimate Member Plugin up to 2.9.1 on WordPress information disclosure