CVE-2026-6835

· NIST NVD ↗

The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect.

MEDIUM
CVSS severity
6.1
CVSS base score
2026-04-22
Published

CWE codes

CWE-434

Sources