A vulnerability labeled as problematic has been found in RoastSlav quickdrop up to 1.5.2 . The impacted element is an unknown function of the file /api/file/upload-chunk of the component File Preview Endpoint . The manipulation results in cross site scripting. This vulnerability is known as CVE-2026-35608 . It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.