CVE-2026-53691

Redeight · Redeight CMS

Redeight CMS version 1 contains an unrestricted file upload vulnerability that may allow attackers to upload and execute malicious files on the server.

Executive summary

An unrestricted file upload vulnerability in Redeight CMS version 1 enables attackers to bypass security controls and execute arbitrary code, potentially leading to a full web server compromise.

Vulnerability

The application fails to properly validate the file type or extension of uploaded files, allowing an attacker to upload executable scripts. This vulnerability typically allows an unauthenticated or authenticated attacker with minimal privileges to achieve remote code execution.
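To make the failure mode concrete, the following added example (not code from Redeight CMS or this advisory) contrasts a filename-only blocklist check, the kind of validation that leads to unrestricted upload, with a hardened validator that allowlists extensions, confirms the file's magic bytes match the claimed type, caps the size, rejects double extensions, and never reuses the client-supplied name on disk. The allowed types, magic-byte table and size limit are constructed assumptions for illustration.

```python
import os
import secrets

# Constructed policy for this example: only a few image types are accepted.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}

# Constructed magic-byte table: the content must match the claimed extension
# rather than the server trusting whatever name the client sent.
MAGIC_PREFIXES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed 5 MiB cap


def weak_is_allowed(filename: str) -> bool:
    """Blocklist check that only looks at the filename and rejects a
    couple of extensions. Any extension not on the list passes, and the
    file's actual content is never examined."""
    return not filename.lower().endswith((".php", ".exe"))


def validate_upload(filename: str, content: bytes) -> str:
    """Hardened check. Raises ValueError on any policy violation and
    otherwise returns a server-generated storage name."""
    if len(content) > MAX_UPLOAD_BYTES:
        raise ValueError("file too large")

    # Keep only the final path component so directory traversal in the
    # client-supplied name has no effect on where the file is stored.
    base = os.path.basename(filename.replace("\\", "/"))

    # Exactly one dot: rejects double extensions and dot-files.
    if base.count(".") != 1:
        raise ValueError("filename must have exactly one extension")
    stem, ext = base.rsplit(".", 1)
    ext = ext.lower()
    if not stem:
        raise ValueError("filename must have a non-empty stem")

    # Allowlist, never blocklist: anything not explicitly permitted fails.
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension not allowed: {ext}")

    # Content must look like the type the extension claims.
    if not any(content.startswith(p) for p in MAGIC_PREFIXES[ext]):
        raise ValueError("content does not match claimed extension")

    # Store under a random name the client cannot influence.
    return f"{secrets.token_hex(16)}.{ext}"
```

The returned name should be written into a directory outside the web root (or one the web server is configured never to execute scripts from); the validator alone does not place the file.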

Business impact

Successful exploitation allows an attacker to gain a foothold on the web server, which can result in data exfiltration, website defacement, or the deployment of ransomware. The CVSS score of 8.6 underscores the severity of this flaw, as it grants attackers a direct path to server-side code execution.

Remediation

Immediate Action: Upgrade to the latest version of Redeight CMS to ensure proper file validation controls are in place.

Proactive Monitoring: Inspect the web server's upload directories for suspicious files and review web logs for unusual POST requests or file access patterns.
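As an added example of the log review this step describes (not tooling from Redeight CMS or this advisory), the script below parses web server access log lines in the common/combined format, flags any request for a file under the upload directory whose name carries a script extension (including double extensions such as `name.php.png`), and reports how many POST requests the same client made beforehand. The upload directory prefix `/uploads/`, the script-extension list and the log lines are constructed assumptions; adjust the prefix to the real deployment.

```python
import re
from collections import defaultdict

# Common log format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

UPLOAD_DIR_PREFIX = "/uploads/"  # assumed location; set to the real upload path
SCRIPT_EXTENSIONS = (".php", ".phtml", ".phar", ".jsp", ".asp", ".aspx",
                     ".cgi", ".pl", ".py", ".sh")

# Constructed sample log lines for the example.
LOG_LINES = [
    '203.0.113.7 - - [10/Mar/2026:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Mar/2026:10:01:15 +0000] "POST /admin/upload.php HTTP/1.1" 200 412',
    '203.0.113.7 - - [10/Mar/2026:10:01:20 +0000] "GET /uploads/2026/avatar.png HTTP/1.1" 200 8831',
    '203.0.113.7 - - [10/Mar/2026:10:01:31 +0000] "POST /admin/upload.php HTTP/1.1" 200 417',
    '203.0.113.7 - - [10/Mar/2026:10:01:40 +0000] "GET /uploads/2026/a1b2.php HTTP/1.1" 200 93',
    '198.51.100.4 - - [10/Mar/2026:10:02:05 +0000] "GET /uploads/2026/report.pdf HTTP/1.1" 200 20481',
    '203.0.113.7 - - [10/Mar/2026:10:02:30 +0000] "GET /uploads/2026/c3d4.php.png HTTP/1.1" 200 77',
]


def parse_line(line):
    """Return the parsed fields as a dict, or None if the line does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def has_script_extension(path):
    """True if any dotted suffix of the final path segment is a script extension,
    so 'x.php' and 'x.php.png' are both caught."""
    name = path.rsplit("/", 1)[-1]
    return any("." + part in SCRIPT_EXTENSIONS for part in name.split(".")[1:])


def find_suspicious(lines):
    """Scan log lines in order; return findings for script-like files requested
    under the upload directory, with the count of earlier POSTs from that client."""
    findings = []
    posts_by_ip = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not parse rather than abort the review
        if rec["method"] == "POST":
            posts_by_ip[rec["ip"]] += 1
        path = rec["path"].split("?", 1)[0].lower()
        if path.startswith(UPLOAD_DIR_PREFIX) and has_script_extension(path):
            findings.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "path": rec["path"],
                "status": rec["status"],
                "reason": "script extension under upload directory",
                "prior_posts": posts_by_ip[rec["ip"]],
            })
    return findings


if __name__ == "__main__":
    for f in find_suspicious(LOG_LINES):
        print(f"{f['ts']} {f['ip']} {f['path']} status={f['status']} "
              f"prior_posts={f['prior_posts']} ({f['reason']})")
```

A hit with a 200 status is the strongest signal, since it means the server served (and, if scripts execute from that directory, ran) the file; pair each hit with the preceding POSTs from the same client to locate the upload request itself in the log.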

Compensating Controls: Implement a Web Application Firewall (WAF) to block requests containing suspicious file extensions or unauthorized multipart/form-data uploads.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The risk of remote code execution makes this a high-priority item for remediation. Administrators should verify the current version of their CMS and apply security updates, while simultaneously auditing server logs for any evidence of unauthorized file uploads.