Cwe-434 - Unrestricted Upload Of File With Dangerous Type - Cwe

Threat entity extracted from intelligence sources

Frequency
20
occurrences
First Seen
April 19, 2026
Last Seen
July 11, 2026

Cwe-434 - Unrestricted Upload Of File With Dangerous Type is a cwe tracked across 16 threat clusters and 20 intelligence report mentions on ThreatCluster. First observed April 19, 2026; most recent activity July 11, 2026.

Related Threat Clusters

Recent Intelligence Reports

  • 434 — cwe.mitre.org · July 11, 2026
  • Wordpress Blocksy Companion Plugin 2 1 46 Unauthenticated Arbitrary File Upload Vulnerability — patchstack.com · July 9, 2026
  • CVE-2026-58480 — nvd.nist.gov · July 9, 2026
  • CVE-2026-58480: Blocksy Companion Pro plugin Remote code execution — Sherlockforensics · July 9, 2026
  • JVN#40604023 prior disclosure — jvn.jp · July 5, 2026
  • CVE-2026-5524 INCIBE-CERT - Vulnerabilities RSS / 22h The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. Attackers can specify PHP-executable extensions such as .phtml, .phar, .php5, or .php7 to bypass the plugin's .htaccess protection which only blocks .php files specifically. — www.incibe.es · July 3, 2026
  • CVE-2026-5524 - Exploits & Severity — Feedly · July 2, 2026
  • Cisco Unified CM Flaw Faces Active Exploitation After PoC Release — Mallory.Ai · June 24, 2026

CVSS v3.1 Breakdown