What is CVE-2026-2113?

A medium-severity vulnerability has been identified in tpadmin versions up to 1.3.12. The issue, related to remote deserialization, may lead to exploitation. Organizations should prioritize patching to mitigate potential risks.

What is the severity of CVE-2026-2113?

CVE-2026-2113 has a severity rating of MEDIUM with a CVSS base score of 6.9.

CVE-2026-2113 | Medium Vulnerability in tpadmin tpadmin

A security vulnerability has been detected in tpadmin versions up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

The CVSS score for this vulnerability is 6.9, classifying it as medium severity. This indicates a moderate level of risk to organizations, particularly those utilizing affected versions of tpadmin. The potential for remote exploitation necessitates immediate attention from security teams.

Organizations should prioritize patching immediately. The vulnerability has been confirmed to allow unauthorized access to systems, which can result in significant operational and reputational damage.

Given the nature of the vulnerability and the potential for exploitation, security practitioners must assess their environments for the use of affected versions and take appropriate action.

Vulnerability Details

The vulnerability involves remote deserialization which can be leveraged by an attacker to execute arbitrary code on the server. The affected component, WebUploader, is part of the tpadmin application.

The CVE was published on February 7, 2026, following a security analysis that highlighted significant risks associated with the vulnerability. The recognized weaknesses include CWE-20 (Improper Input Validation) and CWE-502 (Deserialization of Untrusted Data).

Technical Analysis

The root cause of this vulnerability is related to the improper handling of user input, leading to deserialization issues. Attackers can exploit this vulnerability over a network with low complexity and without the need for any authentication or user interaction.

The attack vector is network-based, and it requires no privileges or user interaction, making it particularly dangerous. The impacts on confidentiality, integrity, and availability are all rated as low.

Risk & Impact Analysis

Risk to organizations includes the possibility of unauthorized access to sensitive data and potential for complete system compromise. The vulnerability can impact organizations that have deployed the tpadmin application in production environments, especially if these systems are publicly accessible.

The urgency for addressing this vulnerability is high, given that the exploit has been disclosed and could be utilized by malicious actors. Organizations should evaluate their risk exposure and implement necessary mitigations.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerability affects all versions of tpadmin prior to 1.3.12. Organizations should ensure they upgrade to the latest version to mitigate this risk.

Mitigation & Remediation

To mitigate the vulnerability, organizations must apply the latest patches provided by the vendor. If a patch is not available, organizations should consider removing the affected component or implementing strict access controls to limit exposure.

For further assistance, organizations can engage in penetration testing to assess their security posture.

Detection Guidance

Security teams should monitor for any unusual log entries related to the server access patterns. Behavioral anomalies indicating unauthorized file uploads should also be flagged for further investigation.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability is profound, as it represents a serious risk associated with deserialization flaws within web applications. Security teams must prioritize remediating similar weaknesses by adopting secure coding practices and conducting regular security assessments.

For organizations utilizing tpadmin, understanding the implications of this vulnerability can assist in developing a robust security strategy. Engaging in vulnerability management programs is essential for maintaining a strong security posture.

Regular training on secure coding practices and the implementation of a penetration testing methodology will further enhance the organization's ability to defend against similar vulnerabilities in the future.

In conclusion, the analysis of CVE-2026-2113 highlights the importance of continuous monitoring and proactive security measures to mitigate risks associated with deserialization vulnerabilities.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-2113: Medium Vulnerability in tpadmin tpadmin