CVE-2026-24729

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file.

CVSS

No CVSS.

References

Link	Resource
https://zuso.ai/advisory/za-2026-02

Configurations

No configuration.

History

04 Feb 2026, 16:34

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de carga irrestricta de archivos de tipo peligroso en la función de carga de archivos de las versiones de Interinfo DreamMaker anteriores al 22/10/2025 permite a atacantes remotos ejecutar comandos de sistema arbitrarios a través de un archivo de clase malicioso.

30 Jan 2026, 05:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-30 05:16

Updated : 2026-02-04 16:34

NVD link : CVE-2026-24729

Mitre link : CVE-2026-24729

CVE.ORG link : CVE-2026-24729

JSON object : View

Products Affected

No product.

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2026-24729", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "ART@zuso.ai", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-30T05:16:33.490", "references": [{"url": "https://zuso.ai/advisory/za-2026-02", "source": "ART@zuso.ai"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "ART@zuso.ai", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file."}, {"lang": "es", "value": "Una vulnerabilidad de carga irrestricta de archivos de tipo peligroso en la funci\u00f3n de carga de archivos de las versiones de Interinfo DreamMaker anteriores al 22/10/2025 permite a atacantes remotos ejecutar comandos de sistema arbitrarios a trav\u00e9s de un archivo de clase malicioso."}], "lastModified": "2026-02-04T16:34:21.763", "sourceIdentifier": "ART@zuso.ai"}