{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4999", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-27T13:48:18.056Z", "datePublished": "2026-03-28T15:00:13.780Z", "dateUpdated": "2026-03-30T17:11:58.812Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-28T15:00:13.780Z"}, "title": "z-9527 admin isImg Check upload.js uploadFile path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "z-9527", "product": "admin", "versions": [{"version": "72aaf2dd05cf4ec2e98f390668b41e128eec5ad2", "status": "affected"}], "modules": ["isImg Check"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue affects the function uploadFile of the file /server/utils/upload.js of the component isImg Check. The manipulation of the argument fileType leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-27T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-27T14:53:57.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "VulDB", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/353886", "name": "VDB-353886 | z-9527 admin isImg Check upload.js uploadFile path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/353886/cti", "name": "VDB-353886 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/778277", "name": "Submit #778277 | z-9527 admin \u2264 commit 72aaf2d Path Traversal: '../filedir'", "tags": ["third-party-advisory"]}, {"url": "https://github.com/CC-T-454455/Vulnerabilities/tree/master/z9527-admin/vulnerability-9", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T17:10:57.738041Z", "id": "CVE-2026-4999", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T17:11:58.812Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4999", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T17:10:57.738041Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T17:11:52.064Z"}}], "cna": {"title": "z-9527 admin isImg Check upload.js uploadFile path traversal", "credits": [{"lang": "en", "type": "coordinator", "value": "VulDB"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "z-9527", "modules": ["isImg Check"], "product": "admin", "versions": [{"status": "affected", "version": "72aaf2dd05cf4ec2e98f390668b41e128eec5ad2"}]}], "timeline": [{"lang": "en", "time": "2026-03-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-27T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-27T14:53:57.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/353886", "name": "VDB-353886 | z-9527 admin isImg Check upload.js uploadFile path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/353886/cti", "name": "VDB-353886 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/778277", "name": "Submit #778277 | z-9527 admin \u2264 commit 72aaf2d Path Traversal: '../filedir'", "tags": ["third-party-advisory"]}, {"url": "https://github.com/CC-T-454455/Vulnerabilities/tree/master/z9527-admin/vulnerability-9", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue affects the function uploadFile of the file /server/utils/upload.js of the component isImg Check. The manipulation of the argument fileType leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Path Traversal"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-28T15:00:13.780Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4999", "state": "PUBLISHED", "dateUpdated": "2026-03-30T17:11:58.812Z", "dateReserved": "2026-03-27T13:48:18.056Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-28T15:00:13.780Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue affects the function uploadFile of the file /server/utils/upload.js of the component isImg Check. The manipulation of the argument fileType leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-4999", "lastModified": "2026-03-30T13:26:07.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-28T15:16:38.330", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/CC-T-454455/Vulnerabilities/tree/master/z9527-admin/vulnerability-9"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/778277"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/353886"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/353886/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "72aaf2dd05cf4ec2e98f390668b41e128eec5ad2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "admin", "source": "cna", "vendor": "z-9527"}, "product": "admin", "vendor": "z-9527"}], "analysis": {"en": {"generated_at": "2026-03-28T16:20:56.749016+00:00", "value": {"mitigation_remediation": ["Verify the presence of the vulnerable upload endpoint by testing the fileType parameter for path traversal responses.", "If the system is found vulnerable, isolate it from external networks until a fix is applied.", "Apply any vendor-released patch or upgrade to a newer release that is newer than commit 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2.", "If a patch or upgrade is not available, disable the file upload feature or remove the isImg Check component entirely.", "Continue monitoring application logs for repeated upload attempts and known path traversal patterns.", "Persistently contact the vendor to obtain an official fix and follow their guidance."], "summary": {"action": "Assess Impact", "impact": "Remote File Upload"}, "threat_synthesis": {"affected_systems": "The affected product is z-9527 admin, with affected versions up to the commit hash 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. Because the vendor follows a rolling release model, no specific version numbers are published for patched or unpatched releases. Systems running any iteration of the component before the fix defined by that commit are considered vulnerable. The vendor has not responded to notification.", "description_and_impact": "A vulnerability exists in the uploadFile function of the z-9527 admin component, specifically within the isImg Check module located at /server/utils/upload.js. The flaw arises from improper handling of the fileType argument, allowing an attacker to perform a path traversal attack that can lead to arbitrary file writes on the server. Remote exploitation is possible, which could enable the attacker to upload malicious files or overwrite critical configuration files, potentially resulting in unauthorized code execution or persistence on the affected system.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate severity, and although EPSS data is unavailable, the vulnerability has been publicly disclosed and could be exploited remotely via the file upload endpoint without requiring authentication. The lack of a known patch and vendor inaction increase the risk of exploitation in the wild. As the vulnerability permits path traversal, an attacker could write files to arbitrary locations, which may lead to data compromise, configuration tampering, or execution of malicious code if the server subsequently processes those files."}}}}, "created": "2026-03-29T20:32:10.085877+00:00", "updated": "2026-03-30T06:59:03.592326+00:00", "vendors": ["z-9527", "z-9527$PRODUCT$admin"]}