A vulnerability identified as critical has been detected in phoca.cz Phoca Downloads Plugin. Affected by this issue is some unknown functionality of the component File Upload. This manipulation causes unrestricted upload.
This vulnerability is registered as CVE-2026-57828. Remote exploitation of the attack is possible. No exploit is available.