CVE-2026-1061

6.3 MEDIUM

📋 TL;DR

This vulnerability allows remote attackers to upload arbitrary files to xiweicheng TMS systems without proper restrictions. Attackers can exploit this to upload malicious files like webshells or malware. All systems running xiweicheng TMS up to version 2.28.0 are affected.

💻 Affected Systems

Products:
  • xiweicheng TMS
Versions: Up to 2.28.0
Operating Systems: Any OS running Java applications
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with the vulnerable FileController.java component are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via webshell upload leading to remote code execution, data theft, and lateral movement within the network.

🟠 Likely Case

Attackers upload webshells to gain persistent access, deface websites, or deploy ransomware payloads.

🟢 If Mitigated

File uploads are blocked or properly validated, preventing malicious file execution.

🌐 Internet-Facing: HIGH - Remote exploitation allows direct attacks from anywhere on the internet.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this if they have network access to the system.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details exist in GitHub repositories, making this easily exploitable by attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Check for an updated version beyond 2.28.0 from the vendor.
2. If available, back up configuration and data.
3. Deploy the updated version.
4. Restart application services.
5. Verify the fix by testing file upload restrictions.

🔧 Temporary Workarounds

Web Application Firewall Rules (applies to: all)

Block malicious file uploads at the WAF level by filtering upload requests containing dangerous file extensions.

File Upload Restriction (applies to: all)

Configure the application server to restrict uploads to specific directories with execute permissions disabled.

🧯 If You Can't Patch

  • Implement strict file type validation in the FileController.java component to only allow safe extensions.
  • Deploy network segmentation to isolate the TMS system from critical infrastructure.

🔍 How to Verify

Check if Vulnerable:

Check if running xiweicheng TMS version 2.28.0 or earlier by examining application version files or deployment manifests.

Check Version:

Check application.properties or similar configuration files for version information.

Verify Fix Applied:

Test the file upload functionality with files carrying dangerous extensions (for example .jsp); if such an upload succeeds, the fix is not in place.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads with suspicious extensions (.jsp, .php, .exe)
  • Multiple failed upload attempts followed by successful upload

Network Indicators:

  • HTTP POST requests to upload endpoints with unusual file types
  • Traffic spikes to upload functionality

SIEM Query:

source="web_server" AND (uri="/upload" OR uri="/file/upload") AND (file_extension="jsp" OR file_extension="php" OR file_extension="exe")
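An added example, not part of this advisory or the TMS project: a small Python detector that applies the two log indicators above (dangerous extensions, including double-extension and case variants, and a run of failed uploads followed by a successful one) to constructed upload-event records in a hypothetical JSON format. The field names, the sample addresses and the .jspx extension are assumptions; the endpoints are the ones from the SIEM query.

```python
import json
from collections import defaultdict

# Constructed sample records in a hypothetical JSON upload-event format
# (not TMS's real log format); addresses and file names are made up.
SAMPLE_LOG = """\
{"ts":"2026-01-10T09:00:01Z","src":"10.0.0.5","method":"POST","uri":"/file/upload","filename":"report.pdf","status":200}
{"ts":"2026-01-10T09:00:05Z","src":"198.51.100.7","method":"POST","uri":"/file/upload","filename":"a.jsp","status":403}
{"ts":"2026-01-10T09:00:06Z","src":"198.51.100.7","method":"POST","uri":"/file/upload","filename":"a.JSP","status":403}
{"ts":"2026-01-10T09:00:07Z","src":"198.51.100.7","method":"POST","uri":"/file/upload","filename":"a.jsp.png","status":403}
{"ts":"2026-01-10T09:00:09Z","src":"198.51.100.7","method":"POST","uri":"/upload","filename":"shell.jpg.jsp","status":200}
{"ts":"2026-01-10T09:00:12Z","src":"10.0.0.9","method":"GET","uri":"/file/list","filename":null,"status":200}
"""

UPLOAD_URIS = {"/upload", "/file/upload"}      # endpoints from the SIEM query
DANGEROUS_EXT = {"jsp", "jspx", "php", "exe"}  # page lists .jsp/.php/.exe; jspx assumed
FAILED_THRESHOLD = 2                           # failures before a success is suspicious


def extensions(filename):
    """All extension components, lowercased, so 'shell.jpg.jsp' and
    'a.jsp.png' both expose 'jsp' (double-extension and case tricks)."""
    parts = filename.lower().split(".")
    return parts[1:]


def analyze(log_text):
    """Return (src, indicator, filename) alerts for the two log indicators."""
    alerts = []
    failures = defaultdict(int)  # consecutive failed uploads per source
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev["method"] != "POST" or ev["uri"] not in UPLOAD_URIS:
            continue
        src, name = ev["src"], ev.get("filename") or ""
        if DANGEROUS_EXT.intersection(extensions(name)):
            alerts.append((src, "dangerous_extension", name))
        if ev["status"] >= 400:
            failures[src] += 1
            continue
        if failures[src] >= FAILED_THRESHOLD:
            alerts.append((src, "success_after_failures", name))
        failures[src] = 0  # a successful upload resets the failure run
    return alerts


if __name__ == "__main__":
    print(*analyze(SAMPLE_LOG), sep="\n")
```

On the sample records, the script raises four dangerous-extension alerts and one success-after-failures alert, all for the same source address.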
