HIGHCVE-2026-7490Published 2026-05-02Modified 2026-05-04CNA twcert

CVE-2026-7490: Sunnet｜CTMS and CPAS - Arbitrary File Upload

CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

CVSS v4.0: 8.6
Severity: HIGH
Fixed in: —
Affected Products: 2

Affected packages

Sunnet / CTMS
0
Sunnet / CPAS
0

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

twcert.org.tw
twcert.org.tw

Metrics