CVE-2026-4221: Tiandy Easy7 Integrated Management Platform Endpoint uploadLedImage unrestricted upload
A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2026-4221?
CVE-2026-4221 has a critical severity rating due to the unrestricted file upload vulnerability that exposes the system to potential exploitation.
How do I fix CVE-2026-4221?
To fix CVE-2026-4221, upgrade to the latest version of the Tiandy Easy7 Integrated Management Platform that addresses this vulnerability.
What systems are impacted by CVE-2026-4221?
CVE-2026-4221 affects versions of the Tiandy Easy7 Integrated Management Platform, specifically version 7.17.0.
What type of attack can CVE-2026-4221 facilitate?
CVE-2026-4221 can facilitate attacks such as remote code execution by allowing unauthorized file uploads.
How can I determine if my system is vulnerable to CVE-2026-4221?
You can determine if your system is vulnerable to CVE-2026-4221 by checking if it is running Tiandy Easy7 Integrated Management Platform version 7.17.0 or earlier.