CVE-2026-4221
Published: 16 March 2026
Summary
CVE-2026-4221 is a high-severity Improper Access Control (CWE-284) vulnerability in Feishu (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 16.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
AC-3 enforces approved authorizations for access to the /rest/file/uploadLedImage endpoint, directly addressing the improper access control (CWE-284) that allows unauthenticated remote file uploads.
SI-10 validates the File argument to ensure only safe content is accepted, comprehensively mitigating the unrestricted upload of dangerous file types (CWE-434) via the vulnerable endpoint.
SI-9 restricts the types and amounts of files permitted for upload through the Endpoint component, preventing exploitation of the unrestricted file upload vulnerability.
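The two controls above map naturally onto a server-side upload handler: AC-3 is the check that runs before the request body is even looked at, and SI-10 is the validation of the File argument itself (name, size, declared type and actual content). The following is an added example for this page, not Tiandy's code: the endpoint path is the one named in the advisory, while the roles, size limit, accepted image formats, sample bytes and all function names are assumptions chosen for illustration.

```python
import os
import re
import secrets
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy for an LED-image upload endpoint such as
# /rest/file/uploadLedImage (path from the advisory; the limits are assumptions).
MAX_UPLOAD_BYTES = 2 * 1024 * 1024
ALLOWED_ROLES = {"admin", "operator"}

# Leading-byte signatures of the image formats the endpoint is assumed to accept.
SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": (b"GIF87a", b"GIF89a"),
}
EXTENSION_ALIASES = {"jpeg": "jpg"}
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")

# Constructed sample inputs (not captured traffic).
SAMPLE_PNG = SIGNATURES["png"] + b"\x00" * 32
SAMPLE_JPEG = SIGNATURES["jpg"] + b"\x00" * 16
SAMPLE_TEXT = b"plain text pretending to be an image"


class UploadRejected(Exception):
    """Raised when an upload fails an access-control or content check."""


@dataclass
class Session:
    user: Optional[str]
    role: Optional[str]


def enforce_access(session: Session) -> None:
    """AC-3: only an authenticated user in an approved role may reach the upload."""
    if session.user is None:
        raise UploadRejected("authentication required")
    if session.role not in ALLOWED_ROLES:
        raise UploadRejected("role not authorized for upload")


def sniff_format(data: bytes) -> Optional[str]:
    """Return the image format implied by the leading bytes, or None if unknown."""
    for fmt, sig in SIGNATURES.items():
        sigs = sig if isinstance(sig, tuple) else (sig,)
        if any(data.startswith(s) for s in sigs):
            return fmt
    return None


def validate_file(filename: str, data: bytes) -> str:
    """SI-10: validate the File argument's name, size, extension and real content.

    Returns the verified format on success; raises UploadRejected otherwise.
    """
    # The name must be a bare file name: no directory components, no traversal,
    # exactly one extension, and only characters from a small allowlist.
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or not SAFE_NAME.match(base) or base.count(".") != 1:
        raise UploadRejected("unsafe filename")
    if not data or len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("empty or oversized upload")
    stem, _, ext = base.rpartition(".")
    ext = EXTENSION_ALIASES.get(ext.lower(), ext.lower())
    if not stem or ext not in SIGNATURES:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    # The bytes must actually be the format the extension claims.
    if sniff_format(data) != ext:
        raise UploadRejected("content does not match declared image type")
    return ext


def handle_upload(session: Session, filename: str, data: bytes) -> str:
    """Full request path: access enforcement first, content validation second.

    Returns a server-chosen storage name; the client-supplied name is never reused,
    and the stored extension is the one verified from the content.
    """
    enforce_access(session)
    fmt = validate_file(filename, data)
    return f"led_{secrets.token_hex(8)}.{fmt}"


def rejection_reason(session: Session, filename: str, data: bytes) -> Optional[str]:
    """Convenience wrapper: the rejection message, or None when the upload is accepted."""
    try:
        handle_upload(session, filename, data)
    except UploadRejected as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    operator = Session("ops", "operator")
    print(handle_upload(operator, "banner.png", SAMPLE_PNG))
    print(rejection_reason(Session(None, None), "banner.png", SAMPLE_PNG))
    print(rejection_reason(operator, "banner.png", SAMPLE_TEXT))
```

The order of checks matters: authentication and role are enforced before any byte of the body is inspected, so an unauthenticated caller learns nothing about which content the endpoint would accept, and the stored name is generated server-side so a client-chosen name can never influence where or under what extension the file lands.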
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote file upload to public-facing /rest/file/uploadLedImage endpoint directly enables T1190 (exploit of public-facing app), T1505.003 (web shell deployment via arbitrary dangerous file), and T1105 (ingress of malicious tools/payloads).
NVD Description
A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysis
CVE-2026-4221 is a vulnerability in Tiandy Easy7 Integrated Management Platform version 7.17.0 that affects an unknown part of the /rest/file/uploadLedImage endpoint in the Endpoint component. The issue enables unrestricted file upload through manipulation of the File argument, as classified under CWE-284 (Improper Access Control) and CWE-434 (Unrestricted Upload of File with Dangerous Type). It was published on 2026-03-16 with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
Remote attackers can exploit this vulnerability without authentication, privileges, or user interaction, requiring only network access and low complexity. Successful exploitation allows limited impacts to confidentiality, integrity, and availability, potentially enabling attackers to upload malicious files via the vulnerable endpoint.
Advisories referenced in VulDB entries (ctiid.351145, id.351145, submit.770534) and a Feishu document detail the issue, noting that the vendor was contacted early for coordinated disclosure but provided no response. No official patches or mitigations are mentioned.
The exploit has been made public and could be used, increasing the risk for exposed instances of the affected platform.
Details
- CWE(s)