
CVE-2026-10581: DedeCMS download feature allows server to be tricked

Summary

A server-side request forgery (SSRF) issue affects the download feature in DedeCMS version 5.7.88. An attacker can trick the server into making unauthorized requests, potentially leading to further security issues. Update to the latest version to fix this issue.

Original title
A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-sid...
Original description
A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used.
NVD CVSS 2.0: 6.5
NVD CVSS 3.1: 6.3
NVD CVSS 4.0: 2.1
Vulnerability type
CWE-918 Server-Side Request Forgery (SSRF)
Published: 2 Jun 2026 · Updated: 2 Jun 2026 · First seen: 2 Jun 2026