CVE-2026-14736
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk36th percentile — higher than 36% of all known CVEs
Summary
A vulnerability was found in Ruijie RG-UAC up to version 1.0-R1.8.2.p5 in the file user_auth_commit.php. An unknown function allows unrestricted file upload via manipulation of the upload_image argument. The attack can be carried out remotely and the exploit has been made public.
Risk Assessment
The organization is at risk of remote takeover of the device by uploading a malicious file, which could lead to system integrity compromise and data leakage.
Recommendation
Immediately update Ruijie RG-UAC to the latest available version and restrict access to the administrative panel to trusted IP addresses only.
Original NVD description (English source)
A vulnerability was found in Ruijie RG-UAC up to 1.0-R1.8.2.p5. The impacted element is an unknown function of the file user_auth_commit.php. Performing a manipulation of the argument upload_image results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

