CVE-2026-1879 | Harvard University IQSS Dataverse up to 6.8 Theme Customization /ThemeAndWidgets.xhtml uploadLogo unrestricted upload

A vulnerability identified as critical has been detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload.

This vulnerability is known as CVE-2026-1879. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

You should upgrade the affected component.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.VulDB Recent EntriesRead More