CVE-2026-11621

4.7 MEDIUM

A weakness has been identified in Dcat-Admin up to 2.2.3-beta

Published: 2026-06-09 · Last updated: 2026-06-09

Severity and scoring

CVSS: 4.7 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-284, CWE-434

Description

A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-11621
[Other]https://vuldb.com/cve/CVE-2026-11621
[Other]https://vuldb.com/submit/834849
[Other]https://vuldb.com/vuln/369302
[Other]https://vuldb.com/vuln/369302/cti
[Other]https://www.yuque.com/u25169484/wroc9b/co6eg4x23xkfesng

Related CVEs

Same CWE

CVE-2026-46695 — Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (10.0 CRITICAL)
CVE-2026-50564 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (9.9 CRITICAL)
CVE-2026-50563 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (9.9 CRITICAL)
CVE-2026-50545 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (9.9 CRITICAL)
CVE-2026-49824 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (8.5 HIGH)