Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl

Source -

CNA

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2025-13590
Assigner-WSO2 LLC
ShareView Details
Assigner-WSO2 LLC
CVSS Score-9.1||CRITICAL
EPSS-0.21% / 42.96%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 10:05
Updated-20 Feb, 2026 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated arbitrary file upload via a System REST API requiring administrator permission.

A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code execution. By leveraging the vulnerability, a malicious actor may perform Remote Code Execution by uploading a specially crafted payload.

Action-Not Available
Vendor-WSO2 LLC
Product-api_managerapi_control_planeuniversal_gatewaytraffic_managerWSO2 Universal Gatewayorg.wso2.carbon.apimgt:org.wso2.carbon.apimgt.implWSO2 Traffic ManagerWSO2 API Control PlaneWSO2 API Manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type