{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6835", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2026-04-22T02:48:35.815Z", "datePublished": "2026-04-22T03:40:36.559Z", "dateUpdated": "2026-04-22T03:40:36.559Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2026-04-22T03:40:36.559Z"}, "title": "aEnrich\uff5ca+HCM - Arbitrary File Upload", "datePublic": "2026-04-22T03:37:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-434", "description": "CWE-434 Unrestricted upload of file with dangerous type", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-17", "descriptions": [{"lang": "en", "value": "CAPEC-17 Using Malicious Files"}]}], "affected": [{"vendor": "aEnrich", "product": "a+HCM", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "8.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect."}]}], "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-10835-cb0c2-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-10836-ed15f-2.html", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "solutions": [{"lang": "en", "value": "Please refer to the aEnrich advisory to upgrade to version 6.8 or later and install the latest patches, or contact aEnrich customer service for assistance.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Please refer to the aEnrich advisory to upgrade to version 6.8 or later and install the latest patches, or contact aEnrich customer service for assistance."}]}], "source": {"advisory": "TVN-202604005", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect."}], "id": "CVE-2026-6835", "lastModified": "2026-04-22T04:16:09.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "twcert@cert.org.tw", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2026-04-22T04:16:09.560", "references": [{"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/en/cp-139-10836-ed15f-2.html"}, {"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-10835-cb0c2-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T06:07:20.747281+00:00", "value": {"mitigation_remediation": ["Upgrade a+HCM to version 6.8 or later and apply any vendor patches.", "If an upgrade is not possible, install the latest patches provided by aEnrich and consider disabling the file upload feature.", "Add server\u2011side validation to reject disallowed file types and restrict upload destinations to secure directories.", "Monitor logs for unusual upload activity."], "summary": {"action": "Patch", "impact": "Remote file upload with potential XSS"}, "threat_synthesis": {"affected_systems": "Affected customers are those running the a+HCM product from aEnrich. The advisory does not list specific vulnerable versions, so all installations that have not applied the vendor\u2019s recommended update may be vulnerable. An inventory check is advised to determine the current version and exposure.", "description_and_impact": "The a+HCM application by aEnrich suffers from an arbitrary file upload flaw that allows unauthenticated remote attackers to upload any file to any path on the server, including files with HTML extensions. This flaw is classified as CWE\u2011434. The ability to place arbitrary files, especially executable or HTML files, could lead to cross\u2011site scripting or other content\u2011injection attacks, potentially compromising the confidentiality, integrity, or availability of the application or the data it serves.", "risk_and_exploitability": "The CVSS base score of 5.1 indicates a moderate risk level. EPSS is not available, so the likelihood of exploitation is unclear, and the vulnerability is not currently listed in the CISA KEV catalog. Remote attackers can exploit the flaw without authentication, suggesting that the vulnerability should be prioritized for patching or mitigation."}}}}, "created": "2026-04-22T06:15:10.410453+00:00", "updated": "2026-04-22T06:15:10.410487+00:00", "vendors": []}