CVE Catalog

CVE-2026-57658

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Summary

The vulnerability allows an administrator to arbitrarily upload files in TemplateSpare versions up to and including 4.2.0. An attacker with administrator privileges can upload a malicious file to the server.

Risk Assessment

The risk involves the possibility of remote code execution or server compromise by uploading a file containing malicious software.

Recommendation

Immediately update TemplateSpare to a version newer than 4.2.0 if available. In the meantime, restrict administrator privileges and implement file type validation.

Original NVD description (English source)

Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS