CVE-2026-11839
CriticalCVSS 9.9Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
A vulnerability in Rotaban by Başarsoft Information Technologies Inc. allows unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server.
Risk Assessment
Exploitation of this vulnerability could lead to server takeover, posing a serious threat to the organization's data security.
Recommendation
It is recommended to update Rotaban to version V2026.06.003 or later and implement appropriate security measures to restrict the upload of dangerous files.
Original NVD description (English source)
Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003.

