A file upload vulnerability exists in Teampass v2.1.26. The vulnerability allows authenticated users with low privileged accounts to upload files to the files directory in the webroot. Malicious users can exploit this vulnerability to upload and run arbitrary code from the files directory.