A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the compo…

A critical vulnerability (CVE-2026-4221) was discovered in Tiandy Easy7 Integrated Management Platform version 7.17.0. The vulnerability affects the /rest/file/uploadLedImage endpoint and allows unrestricted file upload through manipulation of the File argument. This flaw can be exploited remotely and the exploit has been made publicly available. The vendor was notified about the disclosure but did not respond. The vulnerability poses significant security risks as it allows attackers to upload malicious files without proper restrictions.