Primary

Context

Bludit Unrestricted File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

Patched

A vulnerability in Bludit's API plugin allows authenticated attackers with a valid API token to upload files of any type and extension without restriction. These files can then be executed, leading to remote code execution. This issue affects all versions of Bludit prior to 3.18.4.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where Bludit is hosted.

Remediation

Users can upgrade to Bludit version 3.18.4 or later to address this vulnerability.

Added: Mar 27, 2026, 12:23 PM

Updated: Mar 27, 2026, 12:23 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

10.0

exploitability

6.8

remediation

7.7

relevance

4.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

10.0

exploitability

6.8

remediation

7.7

relevance

4.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Bludit Unrestricted File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

Bludit

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating