CVE-2026-15553 PUBLISHED

Ragic|Enterprise Cloud Database - Arbitrary File Upload

Assigner: twcert
Reserved: 13.07.2026 Published: 13.07.2026 Updated: 13.07.2026

Enterprise Cloud Database developed by Ragic has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload malicious files and make them available for users to download.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CVSS Score: 6.9

Product Status

Vendor Ragic
Product Enterprise Cloud Database
Versions Default: unaffected
  • Version all is affected

Solutions

No action is required for the cloud version; the on-premises version must be updated to the patch released on or after April 10, 2026.

References

Problem Types

  • CWE-434 Unrestricted upload of file with dangerous type CWE