{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1358", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-01-22T20:21:20.996Z", "datePublished": "2026-02-12T21:24:53.070Z", "dateUpdated": "2026-02-17T18:03:38.837Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Airleader Master", "vendor": "Airleader GmbH", "versions": [{"lessThanOrEqual": "6.381", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Angel Lomeli of SySS reported this vulnerability to CISA"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Airleader Master versions 6.381 and prior allow for file uploads without\n restriction to multiple webpages running maximum privileges. This could\n allow an unauthenticated user to potentially obtain remote code \nexecution on the server."}], "value": "Airleader Master versions 6.381 and prior allow for file uploads without\n restriction to multiple webpages running maximum privileges. This could\n allow an unauthenticated user to potentially obtain remote code \nexecution on the server."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-02-17T18:03:38.837Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-10"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-10.json"}, {"url": "https://airleader.us/contact/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>\nAirleader recommends that users upgrade Airleader Master to version 6.386 or later.</div><div><br></div><div>\nUsers of Airleader Master are encouraged to reach out to Airleader via \nemail (info@airleader.us)&nbsp;or submit a web form (<a target=\"_blank\" rel=\"nofollow\" href=\"https://airleader.us/contact/\">https://airleader.us/contact/</a>) for more information and mitigation \nassistance.\n\n<br></div>"}], "value": "Airleader recommends that users upgrade Airleader Master to version 6.386 or later.\n\n\n\n\n\nUsers of Airleader Master are encouraged to reach out to Airleader via \nemail (info@airleader.us)\u00a0or submit a web form ( https://airleader.us/contact/ ) for more information and mitigation \nassistance."}], "source": {"advisory": "ICSA-26-043-10", "discovery": "EXTERNAL"}, "title": "Airleader Master Unrestricted Upload of File with Dangerous Type", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-13T16:27:21.432617Z", "id": "CVE-2026-1358", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T16:27:30.492Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1358", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-13T16:27:21.432617Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T16:27:27.200Z"}}], "cna": {"title": "Airleader Master Unrestricted Upload of File with Dangerous Type", "source": {"advisory": "ICSA-26-043-10", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Angel Lomeli of SySS reported this vulnerability to CISA"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Airleader GmbH", "product": "Airleader Master", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "6.381"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Airleader recommends that users upgrade Airleader Master to version 6.386 or later.\n\n\n\n\n\nUsers of Airleader Master are encouraged to reach out to Airleader via \nemail (info@airleader.us)\u00a0or submit a web form ( https://airleader.us/contact/ ) for more information and mitigation \nassistance.", "supportingMedia": [{"type": "text/html", "value": "<div>\nAirleader recommends that users upgrade Airleader Master to version 6.386 or later.</div><div><br></div><div>\nUsers of Airleader Master are encouraged to reach out to Airleader via \nemail (info@airleader.us)&nbsp;or submit a web form (<a target=\"_blank\" rel=\"nofollow\" href=\"https://airleader.us/contact/\">https://airleader.us/contact/</a>) for more information and mitigation \nassistance.\n\n<br></div>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-10"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-10.json"}, {"url": "https://airleader.us/contact/"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Airleader Master versions 6.381 and prior allow for file uploads without\n restriction to multiple webpages running maximum privileges. This could\n allow an unauthenticated user to potentially obtain remote code \nexecution on the server.", "supportingMedia": [{"type": "text/html", "value": "Airleader Master versions 6.381 and prior allow for file uploads without\n restriction to multiple webpages running maximum privileges. This could\n allow an unauthenticated user to potentially obtain remote code \nexecution on the server.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-02-17T18:03:38.837Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1358", "state": "PUBLISHED", "dateUpdated": "2026-02-17T18:03:38.837Z", "dateReserved": "2026-01-22T20:21:20.996Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2026-02-12T21:24:53.070Z", "assignerShortName": "icscert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Airleader Master versions 6.381 and prior allow for file uploads without\n restriction to multiple webpages running maximum privileges. This could\n allow an unauthenticated user to potentially obtain remote code \nexecution on the server."}], "id": "CVE-2026-1358", "lastModified": "2026-02-17T19:21:56.343", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2026-02-12T22:16:04.213", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://airleader.us/contact/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-10.json"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-10"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}

{"created": "2026-02-13T21:29:20.601886+00:00", "updated": "2026-02-13T21:29:20.601978+00:00", "vendors": ["airleader", "airleader$PRODUCT$airleader_master"]}