ShowDoc articles | lilting channel

Tech Apr 14, 2026 6 min

ShowDoc File Upload RCE (CVE-2025-0520) Sees First In-the-Wild Exploitation After 5 Years

A CVSS 9.4 file upload vulnerability in ShowDoc, disclosed in 2020, was first observed being exploited in the wild by VulnCheck Canaries in April 2026. Over 2,000 exposed instances remain, primarily in China.

Security CVE RCE ShowDoc Vulnerability

#ShowDoc

ShowDoc File Upload RCE (CVE-2025-0520) Sees First In-the-Wild Exploitation After 5 Years