CVE-2026-33273

MEDIUM 4.7

CVSS Score

4.7

EPSS Score

0.0%

EPSS Percentile

11th

Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbitrary file may be created by an administrator of the product. As a result, arbitrary code may be executed on the server.

Vendor	icz corporation
Product	matcha invoice
Published	Apr 8, 2026
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for icz corporation matcha invoice

Be the first to know when new medium vulnerabilities affecting icz corporation matcha invoice are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Affected Versions

ICZ Corporation / MATCHA INVOICE

2.6.6 and earlier

References

NVD ↗ CVE.org ↗ EPSS Data ↗

oss.icz.co.jp: https://oss.icz.co.jp/news/?p=1386 jvn.jp: https://jvn.jp/en/jp/JVN33581068/