Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
10.0
Unsecured File Uploads in [Software] Allow Unauthenticated Remote Code Execution
CVE-2026-21628
Summary
An issue in [Software] allows attackers to upload malicious files without logging in, which can enable them to execute unauthorized code on your server. This could lead to data theft, system compromise, or other security breaches. To protect your system, update [Software] to the latest version and configure secure file upload settings.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| templaza | astroid_framework | > 2.0.0 , <= 3.3.10 | – |
Original title
A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution.
Original description
A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution.
nvd CVSS4.0
10.0
Vulnerability type
CWE-434
Unrestricted File Upload
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026