CVE-2026-6835 MEDIUM

CVE-2026-6835: aEnrich|a+HCM - Arbitrary File Upload

Vendor Aenrich
Product a+HCM
Weakness CWE-434 · Unrestricted file upload
Published April 22, 2026
Last update April 22, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect.

Key dates

02Disclosure timeline

April 22, 2026 CVE published
April 22, 2026 Record updated