Arbitrary File Upload Vulnerability in DreamMaker by Interinfo
CVE-2026-10071

9.3CRITICAL

Key Information:

Vendor: Interinfo
Status: Dreammaker
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-10071?

The DreamMaker application developed by Interinfo is susceptible to an arbitrary file upload vulnerability, which could allow unauthenticated remote attackers to upload malicious files. This vulnerability can lead to the execution of web shell backdoors on the server, granting attackers unauthorized access and the ability to execute arbitrary code, potentially compromising the entire system. Organizations using DreamMaker should prioritize applying necessary patches to mitigate this security risk.

Affected Version(s)

DreamMaker 0

References

https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10946-1127f-2.html

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 29, 2026

CVE-2026-10071 Data

JSON