CVE-2026-24729

10.0

Critical

Published:30 Jan 2026

Last updated:17 Jun 2026

Source:ART@zuso.ai

Deferred

Weakness (CWE)

CWE-434Unrestricted File Upload

CVSS Vector

v4.0

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: None
User Interaction: None
Confidentiality (Vulnerable): High
Integrity (Vulnerable): High
Availability (Vulnerable): High
Confidentiality (Subsequent): High
Integrity (Subsequent): High
Availability (Subsequent): High

View on MITRE Find PoC on GitHub

Description

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file.

References

ART@zuso.ai

https://zuso.ai/advisory/za-2026-02