A vulnerability described as critical has been identified in Metasoft 美特软件 MetaCRM 6.4.0 . The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp . Such manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2026-10205 . The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.