CVE Catalog

CVE-2026-40748

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Summary

In Kids Gift Shop versions <= 0.5.4, there is a vulnerability allowing arbitrary file uploads by subscribers.

Risk Assessment

An attacker could exploit this vulnerability to upload malicious files, potentially compromising the system.

Recommendation

It is recommended to upgrade to the latest version of the application to mitigate this vulnerability.

Original NVD description (English source)

Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS