CVE-2026-34735: CWE-434: Unrestricted Upload of File with Dangerous Type in HytaleModding wiki
CVE-2026-34735 is a high-severity vulnerability in HytaleModding wiki versions 1. 2. 0 and earlier. The quickUpload() endpoint improperly validates uploaded files by checking MIME type independently from the client-supplied file extension. This allows an attacker to upload files with dangerous extensions like . php that pass MIME type checks but can be executed on the server, leading to server-side code execution. No patches or official fixes are currently available for this issue.
AI Analysis
Technical Summary
The vulnerability arises because the HytaleModding wiki's quickUpload() endpoint validates uploaded files using PHP's finfo MIME type inspection but uses the client-supplied file extension to name the stored file. Since these checks are independent, an attacker can upload a file with a safe MIME type but a .php extension. The file is stored publicly and accessible via URL, enabling execution of arbitrary server-side code. This is classified as CWE-434: Unrestricted Upload of File with Dangerous Type.
Potential Impact
Successful exploitation allows an attacker to upload and execute arbitrary server-side code on the affected HytaleModding wiki server. This can lead to full compromise of the server, data theft, or further attacks within the hosting environment. The vulnerability has a CVSS 4.0 score of 8.7, indicating high severity with network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
At the time of publication, no patches or official fixes are available for this vulnerability. Users should monitor the vendor's advisories for updates. As a temporary mitigation, restrict file upload functionality or implement additional server-side validation to ensure file extensions match MIME types and disallow execution of uploaded files. Consider isolating the upload directory from execution permissions until an official fix is released.
CVE-2026-34735: CWE-434: Unrestricted Upload of File with Dangerous Type in HytaleModding wiki
Description
CVE-2026-34735 is a high-severity vulnerability in HytaleModding wiki versions 1. 2. 0 and earlier. The quickUpload() endpoint improperly validates uploaded files by checking MIME type independently from the client-supplied file extension. This allows an attacker to upload files with dangerous extensions like . php that pass MIME type checks but can be executed on the server, leading to server-side code execution. No patches or official fixes are currently available for this issue.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability arises because the HytaleModding wiki's quickUpload() endpoint validates uploaded files using PHP's finfo MIME type inspection but uses the client-supplied file extension to name the stored file. Since these checks are independent, an attacker can upload a file with a safe MIME type but a .php extension. The file is stored publicly and accessible via URL, enabling execution of arbitrary server-side code. This is classified as CWE-434: Unrestricted Upload of File with Dangerous Type.
Potential Impact
Successful exploitation allows an attacker to upload and execute arbitrary server-side code on the affected HytaleModding wiki server. This can lead to full compromise of the server, data theft, or further attacks within the hosting environment. The vulnerability has a CVSS 4.0 score of 8.7, indicating high severity with network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
At the time of publication, no patches or official fixes are available for this vulnerability. Users should monitor the vendor's advisories for updates. As a temporary mitigation, restrict file upload functionality or implement additional server-side validation to ensure file extensions match MIME types and disallow execution of uploaded files. Consider isolating the upload directory from execution permissions until an official fix is released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-30T18:41:20.754Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69ceb81be6bfc5ba1df6de9a
Added to database: 4/2/2026, 6:40:27 PM
Last enriched: 4/9/2026, 10:53:29 PM
Last updated: 5/20/2026, 8:52:37 PM
Views: 28
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.