CVE-2026-1791
Unknown Unknown - Not Provided
Unrestricted File Upload in Hillstone Security Gateway Enables Web Shell

Publication date: 2026-02-04

Last updated on: 2026-02-04

Assigner: Hillstone Networks, Inc.

Description
Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-02-04
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-14
NVD
CVE-2026-1791
EUVD
EUVD-2026-5355
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hillstone_networks operation_and_maintenance_security_gateway 5.5st00001b113
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1791 is an arbitrary file upload vulnerability in the Hillstone Networks Operation and Maintenance Security Gateway. It occurs because the system does not properly validate or filter files uploaded by users.

An attacker with administrator privileges can exploit this vulnerability to upload malicious files, such as a web shell, to the affected system.

This issue affects version V5.5ST00001B113 of the product and has been assigned a low risk severity.

Impact Analysis

[{'type': 'paragraph', 'content': 'If exploited, this vulnerability allows an attacker with administrator privileges to upload arbitrary malicious files to the system.'}, {'type': 'paragraph', 'content': 'Such an attack could lead to the deployment of a web shell on the server, potentially enabling unauthorized remote control or further attacks.'}, {'type': 'paragraph', 'content': "The overall impact is limited by the requirement for administrator privileges and the vulnerability's low severity rating, but it still poses a risk to system availability and integrity."}] [1]

Mitigation Strategies

To mitigate the CVE-2026-1791 vulnerability, you should apply the official patch released by Hillstone Networks on 2025-11-05 for the affected product version V5.5ST00001B113.

If further assistance is needed, contact Hillstone technical support or professional service personnel.

Security issues can also be reported to Hillstone’s PSIRT team via [email protected].

Compliance Impact

The vulnerability allows an attacker with administrator privileges to upload arbitrary malicious files, such as a web shell, to the affected system. This could potentially lead to unauthorized access or control over the system.

While the CVE description and resources do not explicitly mention specific impacts on compliance with standards like GDPR or HIPAA, the presence of such a vulnerability could increase the risk of data breaches or unauthorized access, which are critical concerns under these regulations.

Hillstone Networks emphasizes responsible disclosure and compliance with relevant laws and regulations to protect user interests, and has released a patch to mitigate the vulnerability.

Detection Guidance

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1791. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart