← back
CVE-2026-11621

Dcat-Admin User Setting upload editorMDUpload unrestricted upload

CVSS 5.1 MEDIUMEPSS 0.2%CWE-284CWE-434
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
n/a · Dcat-Admin
public PoCs found1
cve_referencewww.yuque.com/u25169484/wroc9b/co6eg4x23xkfesngunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://vuldb.com/cve/CVE-2026-11621https://vuldb.com/submit/834849https://vuldb.com/vuln/369302https://vuldb.com/vuln/369302/ctihttps://www.yuque.com/u25169484/wroc9b/co6eg4x23xkfesng