Arbitrary file upload in Mycomplianceoffice Mco

CVE-2026-53909

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the ser…

Vulnerability class: Unrestricted File Upload

Affected products

Weakness classification (CWE)

References