CVE-2026-28507 HIGH

CVE-2026-28507: Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal

Vendor Idno

Product idno

Weakness CWE-78

Published March 6, 2026

Last update March 6, 2026

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4.

Key dates

02Disclosure timeline

March 6, 2026 CVE published

March 6, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-28507 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

04Related CVE

CVE-2011-10026 Spreecommerce < 0.50.x API RCE CVE-2022-47555 Improper Neutralization of Special Elements in Ormazabal products CVE-2026-27728 OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec() CVE-2026-2042 Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability CVE-2023-26039 ZoneMinder vulnerable to OS Command injection in daemonControl() API