CVE-2026-11839NVD

Vulnerability Summary

Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server.

This issue affects Rotaban: from V2026.06.002 before V2026.06.003.

Severity Level

CRITICAL(9.9)

Published Date

Jun 11, 2026

Last Modified

Jun 11, 2026

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-434: Unrestricted File Upload ↗

The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0367