HIGH | CVE-2026-6211 | CNA: TR-CERT

CVE-2026-6211: Arbitrary File Upload in Global IT's WEOLL

Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33.

Metrics

  • CVSS v3.1: 8.7
  • Severity: HIGH
  • Fixed in: 3.2.45.33
  • Affected Products: 1

HarborGuard Analysis

Synopsis

An arbitrary file upload vulnerability exists in Global IT Informatics Services Inc. WEOLL, affecting versions from 2.0.9 up to (but not including) 3.2.45.33. The vulnerability is reachable over the network and requires a low-privilege authenticated account plus a victim interaction step; it bypasses access controls by allowing upload of dangerous file types, which gives an attacker the ability to read sensitive data and tamper with application content across scopes beyond the originating user context. A patched-image rebuild at version 3.2.45.33 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-6211 is available across every HarborGuard environment; the CVE is ingested from upstream advisory feeds within minutes of publication and matched against images in customer registries, CI/CD pipelines, and custom-built images to flag any WEOLL installation in the affected version range (2.0.9 to before 3.2.45.33).

Status: Available

Triage

Triage is available with the full CVSS v3.1 score of 8.7 (HIGH) applied to each matched image, weighted against the per-environment compliance policy configured by the customer org; findings are routed to the appropriate team inbox based on policy-defined ownership rules.

Status: Available

Patch

A patched-image rebuild targeting WEOLL version 3.2.45.33 is available on HarborGuard for any environment running an affected version. For customers who opt into auto-remediation, the platform performs the rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads automatically.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the WEOLL service over the network; the vulnerability is exposed via a standard network-accessible endpoint.

  • Authentication: Required

    Any low-privilege authenticated account is sufficient; no administrative credentials are needed to exploit the file upload endpoint.

  • Victim interaction: Required

    A victim user must take an action (such as loading or accessing content delivered through the uploaded file) for the exploit to complete its intended effect.

  • Attack complexity: Detail

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other variable environmental factors.

Blast Radius

  • An attacker can upload server-executable files (such as web shells or scripts) that run in the application context, bypassing access control restrictions.
  • Confidentiality impact is high: the attacker gains the ability to read stored application data, session tokens, and other sensitive records accessible to the WEOLL process.
  • Integrity impact is high: the attacker can modify persisted application files, overwrite existing content, or introduce malicious payloads into the application file system.
  • Because the CVSS Scope metric is Changed (S:C), impact can extend beyond the vulnerable WEOLL component to other resources or services on the same host or platform.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-6211 is active across all connected environments, with images matched against the affected version range within minutes of CVE publication. Where a customer image is identified as running WEOLL from version 2.0.9 up to (but not including) 3.2.45.33, a patched-image rebuild at version 3.2.45.33 is available immediately. For customers who opt into auto-remediation, HarborGuard rebuilds the image, runs a regression test pass, and opens a pull request against affected workloads; for HIGH-severity issues, the median time from CVE publication to a merged patch PR in auto-remediation-enabled environments is around 90 minutes. Where compliance policy requires manual review before merge, the PR and full finding detail are routed to the configured team inbox for expedited approval.

Fix available: 3.2.45.33

Affected packages

  • Global IT Informatics Services Inc. / WEOLL: < 3.2.45.33 (from 2.0.9)

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N