Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-53909

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1 but may also affect other versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 16.1%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2026-53909


Contact Us

Shodan ® - All rights reserved