CVE-2026-40521

Source
https://cve.org/CVERecord?id=CVE-2026-40521
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40521.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-40521
Published
2026-06-29T12:30:12.799Z
Modified
2026-07-16T03:48:30.762547418Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
FrontAccounting < 2.4.20 Path Traversal RCE via attachment upload
Details

FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with traversal sequences in the unique_name parameter. Attackers can supply path traversal sequences ../../../shell.php to write files outside the intended attachments directory into the web root, and by uploading PHP files without extension validation, achieve remote code execution as the web server user.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40521.json",
    "cwe_ids": [
        "CWE-22"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "2.4.20"
                }
            ],
            "source": "AFFECTED_FIELD"
        },
        {
            "extracted_events": [
                {
                    "fixed": "2.4.20"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "fixed": "2.4.20"
                }
            ],
            "source": "DESCRIPTION"
        }
    ],
    "cna_assigner": "VulnCheck"
}
References

Affected packages

Git / github.com/frontaccountingerp/fa

Affected ranges

Type
GIT
Repo
https://github.com/frontaccountingerp/fa
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40521.json"