FileZen contains an OS command injection vulnerability allowing authenticated users to execute arbitrary OS commands via specially crafted HTTP requests when the Antivirus Check Option is enabled. This is a critical server-side vulnerability in a file sharing platform commonly deployed as internet-facing infrastructure.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2026-02-13
Added to CISA KEV: 2026-02-24 11 DAYS BETWEEN CVE AND KEV
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.How to use the KEV ...
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-25108 weaknesses.The following table lists the changes that have been made to the CVE-2026-25108 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
A list of Known Exploited Vulnerabilities.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.