CVE-2026-4586 | CodePhiliaX Chat2DB up to 0.3.7 JDBC Driver Upload JdbcDriverController.java upload unrestricted upload

A vulnerability identified as critical has been detected in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/api/controller/driver/JdbcDriverController.java of the component JDBC Driver Upload. Performing a manipulation results in unrestricted upload.

This vulnerability is identified as CVE-2026-4586. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4586 | CodePhiliaX Chat2DB up to 0.3.7 JDBC Driver Upload JdbcDriverController.java upload unrestricted upload

Post correlati

CVE-2023-7020 | Tongda OA 2017 up to 11.9 view.php TEMP_ID sql injection

CVE-2025-36050 | IBM QRadar SIEM up to 7.5.0 Update Package 12 log file

CVE-2024-3089 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Manage Ambulance Page manage-ambulance.php del cross-site request forgery

CVE-2024-38213 | Microsoft Windows up to Server 2022 23H2 Mark of the Web protection mechanism