PatchSiren cyber security CVE debrief
CVE-2026-6211 Global IT Informatics Services Inc. CVE debrief
CVE-2026-6211 is a high-severity vulnerability in Global IT Informatics Services Inc. WEOLL, with a CVSS score of 8.7. The vulnerability is caused by an unrestricted upload of file with dangerous type, allowing attackers to access functionality not properly constrained by ACLs. This issue affects WEOLL versions from 2.0.9 before 3.2.45.33.
- Vendor
- Global IT Informatics Services Inc.
- Product
- WEOLL
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Administrators and users of Global IT Informatics Services Inc. WEOLL, particularly those using versions between 2.0.9 and 3.2.45.33.
Technical summary
The vulnerability is caused by an unrestricted upload of file with dangerous type in Global IT Informatics Services Inc. WEOLL, allowing attackers to access functionality not properly constrained by ACLs. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N.
Defensive priority
High
Recommended defensive actions
- Update WEOLL to version 3.2.45.33 or later.
- Restrict file uploads to only allow specific, safe file types.
- Implement proper access controls and ACLs to constrain functionality.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information can be found at [ref-4].
Official resources
-
CVE-2026-6211 CVE record
CVE.org
-
CVE-2026-6211 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-6211 was published on 2026-06-12T15:16:32.033Z and modified on 2026-06-12T15:51:52.407Z.