Severity: 7.9 High (7.0-8.9)
CVE ID: CVE-2026-10745
Details
This advisory address a vulnerability where where request text can contain restricted characters or commands.
Problem type: CWE-117
Impact: CAPEC-93
Applicability
This advisory is applicable only when
| Product Name | Impacted Version(s) | Fixed Version(s) | Released On |
|---|---|---|---|
| upKeeper Instant Privilege Access | through 1.6.1 | 1.7.0.5739 | 2026-06-02 |
Impact
This vulnerability allows users to send request text containing restricted characters or commands that will be saved to upKeeper Instant Privilege log. Logs exported to other systems that analyses or executes content contained, can be affected.
Fix
This issue has been fixed by updating upKeeper Instant Privilege Access client to 1.7.0.5739 version or later.
Acknowledgements
This vulnerability was reported by Tony Nilsson.
Please contact our security team (secure@upkeeper.se) for security related questions and product support (help@upkeeper.se) for questions about our products or services.
Comments
0 comments
Please sign in to leave a comment.