TechApr 14, 20266 minShowDoc File Upload RCE (CVE-2025-0520) Sees First In-the-Wild Exploitation After 5 YearsA CVSS 9.4 file upload vulnerability in ShowDoc, disclosed in 2020, was first observed being exploited in the wild by VulnCheck Canaries in April 2026. Over 2,000 exposed instances remain, primarily in China.SecurityCVERCEShowDocVulnerability