CVE-2026-11621 · MEDIUM · Unpatched · Zero-day · PoC public · Lifecycle 4/7

Dcat-Admin up to 2.2.3-beta User Setting Page upload editorMDUpload editormd-image-file unrestricted upload

Dcat-Admin 2.2.3-beta · 26d ago · Impact pending confirmation
CVSS: 4.3
Vulnerability Description
A vulnerability was found in Dcat-Admin up to 2.2.3-beta and classified as critical. It affects the function editorMDUpload of the file /admin/dcat-api/editor-md/upload in the User Setting Page component. No countermeasures are known. It may be advisable to replace the affected object with an alternative product.
Root Cause Analysis
Manipulation of the argument editormd-image-file with an unknown input leads to an unknown weakness. The problem is classified as CWE-434: the product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

Impact: Confidentiality, integrity, and availability are affected.

Exploit: The exploit is available at yuque.com. It is declared as proof-of-concept.

Countermeasure: No countermeasures are known. It may be advisable to replace the affected object with an alternative product.
Validation (PoC/EXP) - Looking for Contributors
No public PoC yet

Public validation traces already exist. Community contributors can extend them with richer reproduction content.

CVE-2026-11621 · CVSS 4.3 · Active Threat