CVE Catalog

CVE-2026-11839

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

13th percentile — higher than 13% of all known CVEs

Summary

A vulnerability in Rotaban by Başarsoft Information Technologies Inc. allows unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server.

Risk Assessment

Exploitation of this vulnerability could lead to server takeover, posing a serious threat to the organization's data security.

Recommendation

It is recommended to update Rotaban to version V2026.06.003 or later and implement appropriate security measures to restrict the upload of dangerous files.

Original NVD description (English source)

Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS