CVE Catalog
CVE-2026-57658
CriticalCVSS 9.1Summary
The vulnerability allows an administrator to arbitrarily upload files in TemplateSpare versions up to and including 4.2.0. An attacker with administrator privileges can upload a malicious file to the server.
Risk Assessment
The risk involves the possibility of remote code execution or server compromise by uploading a file containing malicious software.
Recommendation
Immediately update TemplateSpare to a version newer than 4.2.0 if available. In the meantime, restrict administrator privileges and implement file type validation.
Original NVD description (English source)
Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.

