23 May 2026
Reference: CVE-2026-24479
1. What is being reported?
The report describes a critical vulnerability in certain parts of the HUSTOF software that handle uploaded ZIP files. Before a recent fix, these parts did not properly check file names inside ZIP archives, allowing attackers to place files in dangerous locations on the server. This can let them execute malicious commands remotely.
2. What this means in plain English
If your organisation uses HUSTOF for programming contests or training, this flaw could let hackers take control of your system by uploading harmful files. This could lead to data loss, disruption, or unauthorised access. Even if you do not use HUSTOF, it is useful to be aware of how such vulnerabilities work.
3. Could this affect a small business?
Small organisations using HUSTOF versions before 26.01.24 are at risk. Those not using this software or using the fixed version are unlikely to be affected. If you are unsure whether you use HUSTOF, check with your IT provider or software supplier.
4. What to do now
- Check if your organisation uses HUSTOF software, especially for programming contests or training.
- If you do use HUSTOF, verify the version and update to version 26.01.24 or later immediately.
- Ask your IT provider to review file upload handling and ensure no similar vulnerabilities exist.
- Monitor your systems for unusual activity and maintain regular backups in case of compromise.
5. Ask your IT provider
Can you confirm if we use HUSTOF software and whether it is updated to the latest secure version to prevent remote code execution risks?
6. Bottom line
Update HUSTOF software promptly if you use it to protect your organisation from serious security risks.
Information based on CISA KEV, NVD and reputable security reporting.