CVE-2026-1061 xiweicheng TMS FileController.java upload unrestricted upload

🗓️ 17 Jan 2026 19:02:05Reported by VulDBType

Unrestricted remote file upload in Xiweicheng TMS FileController via filename manipulation.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-1061	17 Jan 202619:02	–	attackerkb
Circl	CVE-2026-1061	17 Jan 202620:02	–	circl
CNNVD	TMS code-related vulnerabilities	17 Jan 202600:00	–	cnnvd
CVE	CVE-2026-1061	17 Jan 202619:02	–	cve
EUVD	EUVD-2026-3130	17 Jan 202619:02	–	euvd
NVD	CVE-2026-1061	17 Jan 202619:15	–	nvd
Positive Technologies	PT-2026-3368	17 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-1061	19 Jan 202602:19	–	redhatcve
Vulnrichment	CVE-2026-1061 xiweicheng TMS FileController.java upload unrestricted upload	17 Jan 202619:02	–	vulnrichment

[
  {
    "vendor": "xiweicheng",
    "product": "TMS",
    "versions": [
      {
        "version": "2.0",
        "status": "affected"
      },
      {
        "version": "2.1",
        "status": "affected"
      },
      {
        "version": "2.2",
        "status": "affected"
      },
      {
        "version": "2.3",
        "status": "affected"
      },
      {
        "version": "2.4",
        "status": "affected"
      },
      {
        "version": "2.5",
        "status": "affected"
      },
      {
        "version": "2.6",
        "status": "affected"
      },
      {
        "version": "2.7",
        "status": "affected"
      },
      {
        "version": "2.8",
        "status": "affected"
      },
      {
        "version": "2.9",
        "status": "affected"
      },
      {
        "version": "2.10",
        "status": "affected"
      },
      {
        "version": "2.11",
        "status": "affected"
      },
      {
        "version": "2.12",
        "status": "affected"
      },
      {
        "version": "2.13",
        "status": "affected"
      },
      {
        "version": "2.14",
        "status": "affected"
      },
      {
        "version": "2.15",
        "status": "affected"
      },
      {
        "version": "2.16",
        "status": "affected"
      },
      {
        "version": "2.17",
        "status": "affected"
      },
      {
        "version": "2.18",
        "status": "affected"
      },
      {
        "version": "2.19",
        "status": "affected"
      },
      {
        "version": "2.20",
        "status": "affected"
      },
      {
        "version": "2.21",
        "status": "affected"
      },
      {
        "version": "2.22",
        "status": "affected"
      },
      {
        "version": "2.23",
        "status": "affected"
      },
      {
        "version": "2.24",
        "status": "affected"
      },
      {
        "version": "2.25",
        "status": "affected"
      },
      {
        "version": "2.26",
        "status": "affected"
      },
      {
        "version": "2.27",
        "status": "affected"
      },
      {
        "version": "2.28.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8E%E2%80%94%E5%95%86%E5%9F%8E%E5%BC%80%E5%8F%91tms/%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

23 Feb 2026 08:33Current

CVSS 45.3

CVSS 3.16.3

CVSS 36.3

CVSS 26.5

EPSS0.00357