Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Soliton Systems FileZen OS Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in FileZen versions 4.2.1 through 4.2.8 and 5.0.0 through 5.0.10. When the FileZen Antivirus Check Option is enabled, a logged-in user can send a specially crafted HTTP request that executes arbitrary operating system commands. This vulnerability requires the attacker to have access to a user account on the system.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary operating system commands on the server where FileZen is running.

Remediation

Users are advised to update FileZen to version 5.0.11 or later. For versions 4.2.1 to 5.0.10, there is no workaround available.
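The version ranges and the Antivirus Check Option precondition above can be turned into an inventory triage check. The following is an added example, not code from the vendor or from this advisory; the hostnames, inventory fields and status labels are hypothetical, and the sample inventory is constructed.

```python
import re

# Inclusive ranges and fixed version exactly as stated in this advisory.
AFFECTED = [((4, 2, 1), (4, 2, 8)), ((5, 0, 0), (5, 0, 10))]
FIXED = (5, 0, 11)

def parse_version(text):
    """Extract x.y.z from an inventory field and return it as an integer tuple.

    Integer tuples compare numerically, so 5.0.10 sorts after 5.0.9;
    a plain string comparison would get that wrong.
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(version_text, av_check_enabled):
    """Classify one install against the advisory (status labels are hypothetical)."""
    v = parse_version(version_text)
    if v >= FIXED:
        return "fixed"
    if any(lo <= v <= hi for lo, hi in AFFECTED):
        # The advisory ties the injection to the Antivirus Check Option being
        # enabled; an affected version with it off still needs the update.
        return "exposed" if av_check_enabled else "affected-option-off"
    return "not-listed"  # outside the advisory's ranges; confirm with the vendor

# Constructed sample inventory: (host, version field, Antivirus Check Option enabled).
INVENTORY = [
    ("fz-03.example.internal", "FileZen 5.0.11", True),
    ("fz-02.example.internal", "FileZen 4.2.8", False),
    ("fz-04.example.internal", "FileZen 4.2.9", True),
    ("fz-01.example.internal", "FileZen 5.0.10", True),
]

def report(inventory):
    """Return (host, status) rows with the most urgent hosts first."""
    order = {"exposed": 0, "affected-option-off": 1, "not-listed": 2, "fixed": 3}
    rows = [(host, triage(ver, av)) for host, ver, av in inventory]
    return sorted(rows, key=lambda r: order[r[1]])

if __name__ == "__main__":
    for host, status in report(INVENTORY):
        print(f"{status:20} {host}")
```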

Added: Feb 13, 2026, 4:18 AM
Updated: Feb 24, 2026, 7:12 PM

Vulnerability Rating

Custom Algorithm

Spread: 0.8
Impact: 7.5
Exploitability: 6.9
Remediation: 7.7
Relevance: 2.8
Threat: 8.2
Urgency: 2.9
Incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.