CVE-2026-8758: Metasoft MetaCRM Unrestricted File Upload Exposes Systems

/HIGH /CVSS 7.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severityunrestricted-file-uploadcwe-284cwe-434
CVE-2026-8758: Metasoft MetaCRM Unrestricted File Upload Exposes Systems

The National Vulnerability Database has disclosed CVE-2026-8758, a high-severity vulnerability (CVSS 7.3) in Metasoft 美特软件 MetaCRM up to version 6.4.0 Beta06. This flaw, categorized as CWE-284 (Improper Privilege Management) and CWE-434 (Unrestricted Upload of File with Dangerous Type), allows for unrestricted file upload through a manipulation of the File argument in /common/jsp/upload3.jsp.

This is not a theoretical bug; the exploit has been publicly disclosed and is actively available. Attackers can leverage this remotely, meaning any internet-facing MetaCRM instance is a potential target. The vendor was reportedly unresponsive to early disclosure attempts, leaving organizations exposed to a known, exploitable flaw.

Unrestricted file upload vulnerabilities are critical because they often lead to remote code execution. An attacker can upload a web shell or other malicious script, then execute it on the server, gaining full control. This bypasses typical authentication and authorization controls, turning a CRM system into a launchpad for further network penetration or data exfiltration. The fact that this is public and unpatched is a significant risk.

What This Means For You

  • If your organization uses Metasoft MetaCRM, assume compromise. This isn't a theoretical risk; the exploit is public. Immediately audit all instances for suspicious files in the `/common/jsp/upload3.jsp` directory and related web accessible paths. Isolate these systems and review logs for unauthorized file uploads or unusual process execution.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1505.003 Server Software Component: File Upload Initial Access

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-8758: Metasoft MetaCRM Unrestricted File Upload via upload3.jsp

Sigma YAML — free preview 
title: CVE-2026-8758: Metasoft MetaCRM Unrestricted File Upload via upload3.jsp
id: scw-2026-05-17-ai-1
status: experimental
level: critical
description: |
  Detects the specific unrestricted file upload vulnerability in Metasoft MetaCRM (CVE-2026-8758) by looking for POST requests to '/common/jsp/upload3.jsp' containing the 'File=' parameter, which is indicative of the exploit attempt.
author: SCW Feed Engine (AI-generated)
date: 2026-05-17
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-8758/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri|endswith:
          - '/common/jsp/upload3.jsp'
      cs-method|exact:
          - 'POST'
      sc-status|exact:
          - '200'
  selection_file_upload:
      uri|contains:
          - 'File=' 
  condition: selection AND selection_file_upload
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-8758 Unrestricted Upload Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06
CVE-2026-8758 Unrestricted Upload Vulnerable file: /common/jsp/upload3.jsp
CVE-2026-8758 Unrestricted Upload Vulnerable argument: File

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 17, 2026 at 17:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-20240 — Denial of Service

CVE-2026-20240 — In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129,...

vulnerabilityCVEmedium-severitydenial-of-servicecwe-20
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 2 IOCs /⚙ 2 Sigma

Splunk Enterprise, Cloud Vulnerability Exposes Session Cookies, Sensitive Data

CVE-2026-20239 — In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a...

vulnerabilityCVEhigh-severitycwe-532
/SCW Vulnerability Desk /HIGH /7.5 /⚑ 5 IOCs /⚙ 4 Sigma

CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged

CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data...

vulnerabilityCVEmedium-severitycwe-863
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 2 IOCs /⚙ 2 Sigma