Vulnerability Details CVE-2025-26350
A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to upload malicious files via crafted HTTP requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 53.8%
CVSS Severity
CVSS v3 Score 4.9
Products affected by CVE-2025-26350
-
cpe:2.3:a:q-free:maxtime:-
-
cpe:2.3:a:q-free:maxtime:2.11.0