CVE Catalog

CVE-2026-11621

MediumCVSS 4.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

11th percentile - higher than 11% of all known CVEs

Summary

A weakness has been identified in Dcat-Admin up to version 2.2.3-beta, affecting the function editorMDUpload in the file /admin/dcat-api/editor-md/upload on the User Setting Page. Manipulation of the argument editormd-image-file allows unrestricted file uploads.

Risk Assessment

An attacker can remotely exploit this vulnerability to upload malicious files, potentially leading to serious security breaches within the organization.

Recommendation

It is recommended to update Dcat-Admin to the latest version to mitigate this vulnerability and to monitor the system for unauthorized activities.

Original NVD description (English source)

A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS