CVE-2026-4221 | Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint uploadLedImage File unrestricted upload

Inserito da Angelo Barbosa | Mar 15, 2026 | CVE

A vulnerability labeled as critical has been found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload.

This vulnerability is cataloged as CVE-2026-4221. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4221 | Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint uploadLedImage File unrestricted upload

Post correlati

CVE-2025-9142 | Check Point Hramony SASE Working Directory path traversal

CVE-2023-43017 | IBM Security Verify Access Appliance up to 10.0.6.1 Configuration File certificate validation (XFDB-266155)

CVE-2024-4420 | Tink Tink-cc up to 2.1.2 JsonKeysetReader denial of service

CVE-2024-41132 | SixLabors ImageSharp up to 2.1.8/3.1.4 Files memory allocation