CVE-2026-1222
Published: 20 January 2026
Summary
CVE-2026-1222 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Org (inferred from references). Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 42.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-1222, published on 2026-01-20, is an Arbitrary File Upload vulnerability (CWE-434) affecting the PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS. Assigned a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), the flaw enables privileged remote attackers to upload and execute web shell backdoors, resulting in arbitrary code execution on the server.
The vulnerability can be exploited by remote attackers who possess high privileges, requiring low attack complexity over the network with no user interaction. Successful exploitation provides high-impact access to confidentiality, integrity, and availability, allowing attackers to achieve full arbitrary code execution and potentially compromise the entire server.
Advisories from TWCERT/CC provide further details on the issue, available at https://www.twcert.org.tw/en/cp-139-10643-2f8d7-2.html and https://www.twcert.org.tw/tw/cp-132-10642-3b808-1.html.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3465
Vulnerability details
PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Arbitrary file upload directly enables web shell deployment (T1100) on a public-facing controller via remote exploitation (T1190).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly blocks the arbitrary file upload vector by validating file types, content, and names before allowing web shell placement on the MX100 controller.
Disables or restricts the file-upload and script-execution capabilities that the vulnerability exposes, enforcing least functionality on the AP controller.
Enforces fine-grained access rules so that even high-privilege accounts cannot perform the unauthorized file-write and execute actions used in this attack.