Skip to main content

Interinfo DreamMaker CVE-2026-10073

| EUVDEUVD-2026-33294 HIGH
Relative Path Traversal (CWE-23)
2026-05-29 twcert GHSA-hp24-385h-9xv4
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
May 29, 2026 - 14:23 vuln.today
CVSS changed
May 29, 2026 - 14:22 NVD
7.5 (HIGH) 8.7 (HIGH)

DescriptionCVE.org

DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files.

AnalysisAI

Arbitrary file read in Interinfo DreamMaker allows remote unauthenticated attackers to retrieve sensitive system files by abusing a relative path traversal flaw in the application's file-handling logic. The issue is rated CVSS 4.0 8.7 (High) due to network exploitability with no privileges or user interaction, though impact is confined to confidentiality. No public exploit identified at time of analysis, and the disclosure was coordinated through TWCERT (Taiwan's national CERT).

Technical ContextAI

DreamMaker is a business/enterprise application produced by Taiwanese vendor Interinfo, commonly deployed in regional environments per TWCERT's coordination scope. The underlying weakness is CWE-23 (Relative Path Traversal), where the application accepts a user-supplied path component and resolves it using sequences such as '../' without canonicalization or allow-list validation. Because the file-serving endpoint runs with the privileges of the DreamMaker service account, traversal sequences let an attacker break out of the intended document root and read any file the service process can access, such as configuration files, credentials, or OS artifacts. The CPE 'cpe:2.3:a:interinfo:dreammaker:*:*:*:*:*:*:*:*' indicates all versions are currently in scope until a vendor-fixed version is published.

RemediationAI

No vendor-released patch identified at time of analysis from the provided data; consult the TWCERT advisories at https://www.twcert.org.tw/en/cp-139-10946-1127f-2.html and https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html for the vendor-supplied fixed build and apply it as the primary remediation once available. Until a patch is installed, restrict network access to the DreamMaker application - particularly any file-download or document-retrieval endpoints - to trusted internal subnets via firewall or reverse-proxy ACLs, accepting that this will break remote user access; if a WAF is available, block requests whose path or query parameters contain traversal sequences such as '../', '..\', '%2e%2e%2f', and double-encoded variants, with the trade-off that legitimate filenames containing dots may be rejected. Audit the DreamMaker service account's filesystem permissions to ensure it cannot read sensitive OS files (e.g., SAM, shadow, private keys) so that successful traversal yields lower-value data.

Share

CVE-2026-10073 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy