Denial of Service Vulnerability in SourceCodester Review App
CVE-2026-10295

4.8 MEDIUM

Key Information:

Vendor
CVE Published: 1 June 2026

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2026-10295?

A vulnerability in SourceCodester Customer Review App version 1.0 allows attackers to trigger a denial of service through the functions add_review, save_review, and get_all_reviews in the file review_app.py. The issue arises when an attacker manipulates the arguments name and comment, which disrupts normal service operation. The attack vector is local, meaning the attacker needs local access to carry it out. The details of this vulnerability are publicly available, which increases the need for effective patching and security measures.

Affected Version(s)

Customer Review App 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V4

Score: 4.8
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved

Credit

ameenkbrd (VulDB User)