CVE Catalog

CVE-2026-14736

HighCVSS 7.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.45%

36th percentile — higher than 36% of all known CVEs

Summary

A vulnerability was found in Ruijie RG-UAC up to version 1.0-R1.8.2.p5 in the file user_auth_commit.php. An unknown function allows unrestricted file upload via manipulation of the upload_image argument. The attack can be carried out remotely and the exploit has been made public.

Risk Assessment

The organization is at risk of remote takeover of the device by uploading a malicious file, which could lead to system integrity compromise and data leakage.

Recommendation

Immediately update Ruijie RG-UAC to the latest available version and restrict access to the administrative panel to trusted IP addresses only.

Original NVD description (English source)

A vulnerability was found in Ruijie RG-UAC up to 1.0-R1.8.2.p5. The impacted element is an unknown function of the file user_auth_commit.php. Performing a manipulation of the argument upload_image results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS