CVE-2026-53691

UNKNOWN 0.0

Remote Code Execution in Redeight CMS

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST "/admin/index.php?module=pages&mode=FileAdd" endpoint. The application fails to validate file extensions and MIME types, permitting the upload of arbitrary PHP scripts to the publicly accessible "/uploads/files/" directory where they can be executed directly by the web server.

CWE	CWE-434
Vendor	redeight
Product	redeight cms
Published	Jun 30, 2026
Last Updated	Jun 30, 2026

Stay Ahead of the Next One

Get instant alerts for redeight redeight cms

Be the first to know when new unknown vulnerabilities affecting redeight redeight cms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Redeight / Redeight CMS

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert.pl: https://cert.pl/posts/2026/06/CVE-2026-53690

Credits

Jacek Czepil