HIGHCVE-2026-25201Published 2026-02-02Modified 2026-02-26CNA samsung.tv_appliance

CVE-2026-25201: An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server

An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1.

CVSS v3.1: 8.8
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Samsung Electronics / MagicINFO 9 Server
21.1090.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

security.samsungtv.com

Metrics