Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability.
AnalysisAI
Absolute Path Traversal in DreamMaker (developed by Interinfo) allows unauthenticated remote attackers to enumerate file names under arbitrary filesystem paths on the host. The vulnerability stems from CWE-36 (Absolute Path Traversal) and is exploitable over the network without any credentials or user interaction, as confirmed by the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N). Confidentiality impact is limited to file name disclosure rather than full file content retrieval, per the VC:L scoring. No public exploit code or CISA KEV listing has been identified at time of analysis.
Technical ContextAI
DreamMaker is a web application product developed by Taiwanese vendor Interinfo. The root cause is CWE-36 (Absolute Path Traversal), a class of path traversal where user-controlled input is passed as an absolute path to a filesystem API without sanitization or restriction to a defined base directory. Unlike relative path traversal (CWE-22, using '../' sequences), absolute path traversal allows an attacker to directly specify a root-anchored path (e.g., '/etc/' or 'C:\Windows\') bypassing chroot-style jailing that only strips traversal sequences. The affected CPE is cpe:2.3:a:interinfo:dreammaker:*:*:*:*:*:*:*:*, indicating all known versions are affected. The vulnerability was reported by TWCERT (Taiwan Computer Emergency Response Team) and disclosed via two advisories (Chinese and English language versions).
RemediationAI
Consult the TWCERT advisories at https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html (Chinese) and https://www.twcert.org.tw/en/cp-139-10946-1127f-2.html (English) for the vendor-released patch - no exact fixed version number is available in the provided intelligence, so a vendor-released patch version cannot be independently confirmed at this time. As a compensating control pending patching, restrict DreamMaker's network exposure by placing it behind a web application firewall (WAF) with rules blocking absolute path patterns (e.g., requests containing root-anchored path strings like '/etc/', 'C:\', '/var/') though WAF bypass via encoding is possible and should not be treated as equivalent to a code fix. Additionally, restrict DreamMaker to internal network segments and enforce IP allowlisting to reduce the unauthenticated attack surface. Run the DreamMaker process under a least-privilege OS account with filesystem access scoped to its operational directory to limit the impact of successful traversal.
More in Dreammaker
View allUnauthenticated arbitrary file upload in Interinfo DreamMaker allows remote attackers to upload web shell backdoors and
Arbitrary file read in Interinfo DreamMaker allows remote unauthenticated attackers to retrieve sensitive system files b
Arbitrary file upload in Interinfo DreamMaker allows authenticated high-privilege remote attackers to upload web shell b
Arbitrary file read in Interinfo's DreamMaker application allows privileged attackers to traverse relative path boundari
Same weakness CWE-36 – Absolute Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33301
GHSA-r2hv-45g6-75gw