PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-1358 Airleader GmbH CVE debrief

CVE-2026-1358 is a critical Airleader Master vulnerability affecting version 6.381 and prior. According to the CISA CSAF advisory, multiple webpages allow unrestricted file uploads while running with maximum privileges, which could let an unauthenticated attacker achieve remote code execution on the server. Airleader’s stated fix is version 6.386 or later.

Vendor: Airleader GmbH
Product: Airleader Master
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-12
Original CVE updated: 2026-02-12
Advisory published: 2026-02-12
Advisory updated: 2026-02-12

Who should care

Airleader Master administrators, OT/ICS operators, system integrators, and incident responders responsible for exposed Airleader deployments should treat this as high priority.

Technical summary

The advisory describes an unrestricted file upload weakness in Airleader Master versions 6.381 and earlier. Because affected webpages run with maximum privileges, a successful upload could lead to server-side code execution without authentication. The supplied CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8 Critical), indicating a network attack vector, low attack complexity, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability if exploited.

Defensive priority

Immediate

Recommended defensive actions

  • Upgrade Airleader Master to version 6.386 or later, as recommended by the vendor.
  • If immediate upgrading is not possible, contact Airleader for mitigation assistance via the vendor’s published support channels.
  • Limit exposure of Airleader Master interfaces to trusted administrative networks until remediation is complete.
  • Review affected deployments for unexpected or unauthorized file uploads and any signs of server-side execution.
  • Follow CISA ICS recommended practices referenced in the advisory for hardening and defense-in-depth measures.

Evidence notes

All substantive findings in this debrief come from the supplied CISA CSAF advisory ICSA-26-043-10 / CVE-2026-1358 source item and its embedded remediation guidance. The advisory was published and last modified on 2026-02-12T07:00:00Z. The supplied corpus does not identify KEV listing or ransomware-campaign association.

Official resources

Publicly disclosed by CISA in advisory ICSA-26-043-10 on 2026-02-12. The supplied corpus does not indicate KEV inclusion or known ransomware use.