CVE-2026-7673
MEDIUM · 4.7
Chatter is feed noise; no real-world exploitation signals or defender churn yet.
What: Unrestricted file upload in CRMEB Java admin component (UploadServiceImpl.java) affecting versions up to 1.3.4; CVSS 4.7 (medium severity).
Why it matters: Public exploit available; vendor non-responsive to disclosure. However, not KEV-listed and CVSS is low-medium, suggesting limited real-world traction. Chatter is mostly automated CVE feed republication with no defender reports or active exploitation signals.
Where it's seen: Automated CVE alert bots (CVEarity, VulmonFeeds, CVEnew) syndicated the NVD entry within hours of publication. No security researcher analysis, PoC walkthrough, or victim reports detected.
RISK: MODERATE — Public PoC available; unpatched; low CVSS limits blast radius.
AttackerKB
A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. Performing a manipulation of the argument model results in unrestricted upload. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Public PoCs on GitHub (2 repos)
- psibirenko-svg/ALP-tutorial ★ 0
  GitHub Desktop tutorial repository
- getquoteonline/NSNPartLookup.com-Lookup-Order-NSN-NIIN-Cage-Code-Parts ★ 0
  NSNPartLookup.com – Lookup & Order NSN, NIIN, Cage Code Parts
Articles & coverage (12 articles)
- CVE-2026-27673 Security Vulnerability Analysis & Exploit Details
The vulnerability CVE-2026-27673 could compromise system integrity but typically requires user interaction to be exploited. Attack Complexity
- Linux distributions worldwide targeted by the Copy Fail exploit
An exploit for the “Copy Fail” security vulnerability (CVE-2026-31431) in the Linux kernel has been made public. Patches are available in new kernel versions; those who have not yet patched can disable the algif_aead module as a mitigation measure. The vulnerability, registered as CVE-2026-31431 and discovered by security firm T
- NVD - CVE-2026-27673
CVE-2026-27673 Detail. Undergoing Enrichment: This CVE record is currently being enriched by team members, this process results in the association of reference link tags, CVSS, CWE, and CPE applicability statement data. Description: Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gai
- CVE-2026-3673: Frappe XSS Vulnerability via User Tags
CVE-2026-3673 is a stored cross-site scripting flaw in Frappe that lets authenticated attackers inject malicious JavaScript via user tags. Overview: CVE-2026-3673 is a Stored Cross-Site Scripting (XSS) vulnerability in Frappe Framework version 16.10.10. An authenticated attacker can store a crafted tag value in the _user_t
- CVE-2015-7673 - CVE Details, Severity, and Analysis
CVE-2015-7673 is a low severity vulnerability with a CVSS score of 0.0. No known exploits currently, and patches are available. Key Points. 1
NVD details: 2 CWE · 0 vendors · 4 refs
Top posts driving the trend
- @CVEarity (X) · 5/3/2026
  ⚡ New CVE Alert: CVE-2026-7673 📊 Severity: 4.7 🚨 Risk Level: Medium 🧩 Affects: Multiple / Unspecified Products Reference: https://t.co/e2SeotAQNf #CVE-2026-7673 #CVE #Medium #CyberSecurity #InfoSec https://t.co/3XRuxuPr8b
  ♥ 0 · ↻ 0 · 💬 0
- @infoflowcloud (X) · 5/3/2026
  🚨*CVE* CVE-2026-7673 A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/i… https://t.co/6ekO3szvAU ----- Traducción: CVE-2026-7673 Se … https://t.co/utmtNgl3sv
  ♥ 0 · ↻ 0 · 💬 0
- @CVEnew (X) · 5/3/2026
  CVE-2026-7673 A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/i… https://t.co/qmwcse9dZa
  ♥ 0 · ↻ 0 · 💬 0
- @VulmonFeeds (X) · 5/3/2026
  CVE-2026-7673 Unrestricted File Upload Vulnerability in CRMEB Java Up To 1.3.4 https://t.co/zP3624yhee Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
  ♥ 0 · ↻ 0 · 💬 0
- @cve.skyfleet.blue (Bluesky) · 5/3/2026
  CVE-2026-7673 - crmeb_java Admin Upload UploadServiceImpl.java unrestricted upload CVE ID : CVE-2026-7673 Published : May 3, 2026, 1:15 a.m. | 1 hour, 4 minutes ago Description : A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown c...
  ♥ 0 · ↻ 0 · 💬 0