CVE-2026-1358 CRITICAL

CVE-2026-1358: Airleader Master Unrestricted Upload of File with Dangerous Type

Vendor Airleader Gmbh
Product Airleader Master
Weakness CWE-434 · Unrestricted file upload
Published February 12, 2026
Last update March 3, 2026

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server.

Key dates

02Disclosure timeline

February 12, 2026 CVE published
March 3, 2026 Record updated