THREATNOIR
Subscribe
Back to Feed
VulnerabilitiesApr 17, 2026

‼️CVE-2026-0740 - Ninja Forms File Uploads up to v3.3.26 - Unauthenticated Arbitrary File Upload...

CVE-2026-0740 unauthenticated arbitrary file upload in Ninja Forms up to v3.3.26.

Read at source

Summary

A critical unauthenticated arbitrary file upload vulnerability (CVE-2026-0740) has been disclosed in Ninja Forms plugin versions up to 3.3.26. The vulnerability allows attackers to upload malicious files without authentication. A proof-of-concept exploit has been publicly released, increasing the risk of immediate exploitation.

Indicators of Compromise

  • cve — CVE-2026-0740

Entities

Ninja Forms (product)