Skip to main content

DreamMaker CVE-2026-10075

| EUVDEUVD-2026-33301 MEDIUM
Absolute Path Traversal (CWE-36)
2026-05-29 twcert GHSA-r2hv-45g6-75gw
6.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
May 29, 2026 - 14:34 vuln.today
CVSS changed
May 29, 2026 - 14:22 NVD
5.3 (MEDIUM) 6.9 (MEDIUM)

DescriptionCVE.org

DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability.

AnalysisAI

Absolute Path Traversal in DreamMaker (developed by Interinfo) allows unauthenticated remote attackers to enumerate file names under arbitrary filesystem paths on the host. The vulnerability stems from CWE-36 (Absolute Path Traversal) and is exploitable over the network without any credentials or user interaction, as confirmed by the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N). Confidentiality impact is limited to file name disclosure rather than full file content retrieval, per the VC:L scoring. No public exploit code or CISA KEV listing has been identified at time of analysis.

Technical ContextAI

DreamMaker is a web application product developed by Taiwanese vendor Interinfo. The root cause is CWE-36 (Absolute Path Traversal), a class of path traversal where user-controlled input is passed as an absolute path to a filesystem API without sanitization or restriction to a defined base directory. Unlike relative path traversal (CWE-22, using '../' sequences), absolute path traversal allows an attacker to directly specify a root-anchored path (e.g., '/etc/' or 'C:\Windows\') bypassing chroot-style jailing that only strips traversal sequences. The affected CPE is cpe:2.3:a:interinfo:dreammaker:*:*:*:*:*:*:*:*, indicating all known versions are affected. The vulnerability was reported by TWCERT (Taiwan Computer Emergency Response Team) and disclosed via two advisories (Chinese and English language versions).

RemediationAI

Consult the TWCERT advisories at https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html (Chinese) and https://www.twcert.org.tw/en/cp-139-10946-1127f-2.html (English) for the vendor-released patch - no exact fixed version number is available in the provided intelligence, so a vendor-released patch version cannot be independently confirmed at this time. As a compensating control pending patching, restrict DreamMaker's network exposure by placing it behind a web application firewall (WAF) with rules blocking absolute path patterns (e.g., requests containing root-anchored path strings like '/etc/', 'C:\', '/var/') though WAF bypass via encoding is possible and should not be treated as equivalent to a code fix. Additionally, restrict DreamMaker to internal network segments and enforce IP allowlisting to reduce the unauthenticated attack surface. Run the DreamMaker process under a least-privilege OS account with filesystem access scoped to its operational directory to limit the impact of successful traversal.

Share

CVE-2026-10075 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy