CVE Catalog

CVE-2026-39598

HighCVSS 8.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

A vulnerability in Kodezen LLC Academy LMS Pro allows unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server.

Risk Assessment

Exploitation of this vulnerability could lead to server takeover, posing a serious threat to the organization's data security.

Recommendation

It is recommended to upgrade to version 3.5.2 or later and implement appropriate security measures for file uploads.

Original NVD description (English source)

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS