CVE Catalog
CVE-2026-27419
Critical
CVSS 9.9
Summary
The Zegen plugin in versions 1.1.9 and earlier allows a subscriber to upload arbitrary files to the server. This vulnerability can be exploited to upload malicious software without proper authorization.
Risk Assessment
An attacker with a subscriber role can upload an executable file, leading to server compromise, data theft, or further propagation of the attack within the organization's network.
Recommendation
Immediately update the Zegen plugin to the latest available version that fixes this vulnerability. Additionally, restrict subscriber file uploads to allowed file types only.
Original NVD description (English source)
Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.

