CVE-2026-10581 – DedeCMS download.php base64_decode server-side request forgery

CVE ID :CVE-2026-10581

Published : June 2, 2026, 4:17 a.m. | 15 minutes ago

Description :A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-3198 – Improper Access Control in mlflow/mlflow

CVE-2026-10583 – nextlevelbuilder GoClaw TTS Configuration Endpoint tts_config.go import server-side request forgery

CVE-2026-8206 – Kirki 6.0.0 – 6.0.6 – Unauthenticated Privilege Escalation via ‘handle_forgot_password’

CVE-2026-3871 – Zyxel UPnP Buffer Overflow Denial-of-Service