Arbitrary File Upload Vulnerability in DreamMaker by Interinfo
CVE-2026-10072

8.6HIGH

Key Information:

Vendor: Interinfo
Status: Dreammaker
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-10072?

The Arbitrary File Upload vulnerability in DreamMaker, developed by Interinfo, enables privileged remote attackers to upload and execute web shell backdoors on servers. This flaw poses a significant risk as it allows attackers to execute arbitrary code, compromising the integrity and security of the affected systems. Organizations using DreamMaker should prioritize applying available patches and implement security measures to mitigate this vulnerability.

Affected Version(s)

DreamMaker 0

References

https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10946-1127f-2.html

third-party-advisory

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 29, 2026

CVE-2026-10072 Data

JSON