CVE-2026-25099
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
Mar 27, 2026
Vendor
unknown
Description
Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution. This issue was fixed in 3.18.4.