CVE-2026-10581 MEDIUM

CVE-2026-10581: DedeCMS download.php base64_decode server-side request forgery

Vendor N/A

Product DedeCMS

Weakness CWE-918 · SSRF

Published June 2, 2026

Last update June 2, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Key dates

Disclosure timeline

June 2, 2026 CVE published

June 2, 2026 Record updated