CVE Catalog
CVE-2026-39598
HighCVSS 8.0Exploitation Probability (EPSS)
Low risk0.28%
20th percentile — higher than 20% of all known CVEs
Summary
A vulnerability in Kodezen LLC Academy LMS Pro allows unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server.
Risk Assessment
Exploitation of this vulnerability could lead to server takeover, posing a serious threat to the organization's data security.
Recommendation
It is recommended to upgrade to version 3.5.2 or later and implement appropriate security measures for file uploads.
Original NVD description (English source)
Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2.

