Vendor
A critical unrestricted file upload vulnerability, CVE-2026-14736, in Ruijie RG-UAC up to version 1.0-R1.8.2.p5 allows unauthenticated remote attackers to upload arbitrary files via manipulation of the `upload_image` argument in `user_auth_commit.php`, potentially leading to remote code execution.