Ghostwire

CVE-2026-53909: MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side...

UNKNOWN CVSS 0.0

Published: July 1, 2026 | Last Modified: July 1, 2026

Description

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1 but may also affect other versions.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References