Arbitrary file upload in Mycomplianceoffice Mco
CVE-2026-53909
MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the ser…
Vulnerability class: Unrestricted File Upload
Affected products
- Mycomplianceoffice Mco — versions 25.3.3.1
Weakness classification (CWE)
References
- cvd@cert.pl (third-party-advisory)
- cvd@cert.pl (product)