CVE-2026-4201
Awaiting Analysis Awaiting Analysis - Queue
Unrestricted File Upload in glowxq SysFileController (Remote Exploit

Publication date: 2026-03-16

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-14
NVD
CVE-2026-4201
EUVD
EUVD-2026-12273
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
glowxq glowxq_oj to 6f7c723090472057252040fd2bbbdaa1b5ed2393 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-4201 is an unauthenticated arbitrary file upload vulnerability in the glowxq-oj software, specifically in the SysFileController class's upload function. This controller disables all authentication checks, allowing attackers to upload any file type without validation or restrictions."}, {'type': 'paragraph', 'content': 'Because of this, attackers can upload malicious files such as HTML or SVG files that become immediately accessible via a public URL. This enables attacks like phishing, stealing user cookies, and executing client-side attacks including stored Cross-Site Scripting (XSS).'}] [1, 2]

Impact Analysis

This vulnerability allows remote attackers to upload malicious files without authentication, which can compromise the confidentiality, integrity, and availability of the affected system.

  • Attackers can conduct phishing attacks by hosting malicious HTML files.
  • User cookies can be stolen through malicious uploaded content.
  • Stored Cross-Site Scripting (XSS) attacks can be executed, potentially affecting users of the system.

Since the vulnerability requires no authentication and can be exploited remotely, it poses a high risk and can lead to significant security breaches.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves an unauthenticated arbitrary file upload in the glowxq-oj software, specifically in the SysFileController upload endpoint which accepts any file type without validation.'}, {'type': 'paragraph', 'content': 'Detection can focus on monitoring HTTP requests to the upload endpoint for suspicious file uploads, especially files with extensions like .html or .svg that could be used for phishing or XSS attacks.'}, {'type': 'paragraph', 'content': 'Network or system administrators can use web server logs or network traffic analysis tools to identify unusual POST requests to the upload URL.'}, {'type': 'paragraph', 'content': 'Suggested commands include using tools like curl or wget to test the upload endpoint manually, for example:'}, {'type': 'list_item', 'content': "curl -X POST -F '[email protected]' http://target/upload_endpoint"}, {'type': 'list_item', 'content': "grep or tail commands on web server logs to find POST requests to the upload endpoint, e.g., grep 'POST /upload' /var/log/nginx/access.log"}, {'type': 'list_item', 'content': 'Using intrusion detection systems (IDS) or web application firewalls (WAF) to alert on file uploads with suspicious extensions or patterns.'}] [1, 2]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation steps include restricting or disabling the vulnerable upload functionality if possible, to prevent unauthenticated file uploads.'}, {'type': 'paragraph', 'content': 'Since the vulnerability allows unrestricted file uploads without authentication, it is critical to implement validation and restrictions on file types accepted by the upload endpoint.'}, {'type': 'paragraph', 'content': "If patching or vendor fixes are unavailable due to the product's rolling release model and lack of vendor response, consider replacing the affected product with a secure alternative."}, {'type': 'paragraph', 'content': 'Additionally, monitor and remove any suspicious uploaded files and restrict public access to uploaded files if possible.'}, {'type': 'paragraph', 'content': 'Deploy web application firewalls (WAFs) or intrusion prevention systems (IPS) to block malicious upload attempts.'}] [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4201. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart