Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Dromara lamp-cloud: Unauthorized Access to User Data
CVE-2026-5529
Summary
A weakness in Dromara lamp-cloud versions up to 5.8.1 can allow an attacker to access user information without permission. This can happen remotely, and an exploit is now publicly available. Users should update to the latest version as soon as possible to fix this issue.
Original title
A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manip...
Original description
A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
4.0
nvd CVSS3.1
4.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-266
Incorrect Privilege Assignment
CWE-285
Improper Authorization
Published: 5 Apr 2026 · Updated: 5 Apr 2026 · First seen: 5 Apr 2026