Vulnerabilities ›

CVE-2026-10205

Medium

CWE-284 — Weakness Type

                    Published: Jun 1, 2026                      ·  Modified: Jun 4, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-10205 is a medium-severity unrestricted file upload vulnerability in Metasoft MetaCRM 6.4.0 affecting the upload.jsp component. The vulnerability allows remote attackers to upload arbitrary files without proper validation, potentially leading to remote code execution or system compromise. With public exploit disclosure and no vendor patch available, immediate mitigation is critical for affected Saudi organizations.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Jun 1, 2026 04:55

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi organizations using Metasoft MetaCRM 6.4.0 for customer relationship management. Most at-risk sectors include: Banking and Financial Services (SAMA-regulated institutions using CRM for customer data), Government agencies (NCA oversight), Healthcare providers (managing patient information), Telecommunications (STC, Mobily, Zain customer management systems), and Retail/E-commerce sectors. The unrestricted upload capability poses severe risks to data confidentiality, integrity, and system availability, with potential for lateral movement within enterprise networks.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Healthcare and Medical Services Energy and Utilities Telecommunications Retail and E-commerce Insurance Manufacturing

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1199 - Trusted Relationship T1566 - Phishing T1598 - Phishing for Information T1105 - Ingress Tool Transfer T1059 - Command and Scripting Interpreter T1053 - Scheduled Task/Job T1078 - Valid Accounts T1133 - External Remote Services T1040 - Traffic Sniffing T1021 - Remote Services

⚖️ Saudi Risk Score (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify all instances of Metasoft MetaCRM 6.4.0 in your environment and isolate affected systems from production networks if possible

2. Implement network-level access controls restricting access to upload.jsp endpoints to authorized users only

3. Enable comprehensive logging and monitoring of all file upload activities

4. Review uploaded files for suspicious content and malware signatures



Compensating Controls (until patch available):

5. Deploy Web Application Firewall (WAF) rules to block requests to develop/systparam/softlogo/upload.jsp

6. Implement strict file type validation at the application and OS level

7. Configure upload directories with execute-disabled permissions

8. Enforce file size limits and scan all uploads with antivirus/YARA rules

9. Implement application-level authentication and authorization checks



Detection Rules:

10. Monitor for POST requests to upload.jsp with suspicious file extensions (.jsp, .exe, .sh, .php)

11. Alert on file uploads exceeding expected size thresholds

12. Track creation of executable files in upload directories

13. Monitor for unusual process execution from web application directories

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. حدد جميع نسخ Metasoft MetaCRM 6.4.0 في بيئتك وعزل الأنظمة المتأثرة عن شبكات الإنتاج إن أمكن

2. طبق عناصر تحكم الوصول على مستوى الشبكة لتقييد الوصول إلى نقاط نهاية upload.jsp للمستخدمين المصرح لهم فقط

3. فعّل التسجيل والمراقبة الشاملة لجميع أنشطة تحميل الملفات

4. راجع الملفات المحملة بحثاً عن محتوى مريب وتوقيعات البرامج الضارة

عناصر التحكم البديلة (حتى توفر التصحيح):

5. نشر قواعد جدار حماية تطبيقات الويب (WAF) لحظر الطلبات إلى upload.jsp

6. طبق التحقق الصارم من نوع الملف على مستوى التطبيق ونظام التشغيل

7. كوّن دلائل التحميل بأذونات معطلة للتنفيذ

8. فرض حدود حجم الملف وفحص جميع التحميلات باستخدام قواعد مكافحة الفيروسات/YARA

9. طبق فحوصات المصادقة والتفويض على مستوى التطبيق

قواعد الكشف:

10. راقب طلبات POST إلى upload.jsp بامتدادات ملفات مريبة (.jsp, .exe, .sh, .php)

11. أصدر تنبيهات عند تحميل ملفات تتجاوز حدود الحجم المتوقعة

12. تتبع إنشاء الملفات القابلة للتنفيذ في دلائل التحميل

13. راقب تنفيذ العمليات غير المعتادة من دلائل تطبيقات الويب

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information Security Policies and Procedures A.6.1.1 - Access Control Policy A.6.2.1 - User Registration and De-registration A.6.2.2 - User Access Provisioning A.7.1.1 - Cryptography Policy A.8.1.1 - Objective of Information Security Operations A.8.2.1 - Information Security Event Logging A.8.2.2 - Protection of Log Information A.8.3.1 - Malware Protection A.12.2.1 - Restrictions on Software Installation A.12.4.1 - Event Logging A.12.6.1 - Management of Technical Vulnerabilities

🔵 SAMA CSF

Governance (GV) - GV-1: Organizational Context Governance (GV) - GV-2: Risk Management Strategy Protect (PR) - PR-1: Secure Configuration Management Protect (PR) - PR-3: Access Control Protect (PR) - PR-6: Data Protection Detect (DE) - DE-1: System Monitoring Detect (DE) - DE-2: Threat and Vulnerability Management Respond (RS) - RS-1: Incident Response Planning

🟡 ISO 27001:2022

5.1 - Policies for Information Security 6.1 - Information Security Risk Assessment 6.2 - Information Security Risk Treatment 7.1 - Resources 8.1 - Operational Planning and Control 8.2 - Supply Chain Relationships 8.3 - Information and Communication A.5.1 - Policies for Information Security A.6.1 - Access Control A.6.2 - User Access Management A.8.1 - User Endpoint Devices A.8.2 - Privileged Access Rights A.8.3 - Information Access Restriction A.12.2 - Endpoints Protection A.12.6 - Management of Technical Vulnerabilities

🟣 PCI DSS v4.0.1

1.1 - Firewall Configuration Standards 6.2 - Security Patches and Updates 6.5.1 - Injection Flaws 6.5.5 - Improper Access Control 6.5.8 - Improper Error Handling 6.5.10 - Broken Authentication 8.1 - Assign Unique ID 8.2 - Strong Authentication 10.1 - Implement Audit Trails 10.2 - Automated Audit Trails 11.2 - Vulnerability Scanning

🔗 References & Sources 5

🔗

https://ucn9h68n9289.feishu.cn/docx/If1EdqoFqoUJ0FxHj06cZnUOngc?from=from_copylink

cna@vuldb.com

🔗

https://vuldb.com/cve/CVE-2026-10205

cna@vuldb.com

🔗

https://vuldb.com/submit/821715

cna@vuldb.com

🔗

https://vuldb.com/vuln/367485

cna@vuldb.com

🔗

https://vuldb.com/vuln/367485/cti

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-284

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-06-01

Source Feed nvd

🇸🇦 Saudi Risk Score

7.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-284

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-10205

Introduce Yourself

Sign In Required