CVE-2026-29839
Cross-Site Request Forgery in DedeCMS /sys_task_add.php
Publication date: 2026-03-24
Last updated on: 2026-03-25
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dedecms | dedecms | 5.7.118 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-29839 is a Cross-Site Request Forgery (CSRF) vulnerability found in DedeCMS version 5.7.118, specifically in the /sys_task_add.php component.
The vulnerability occurs because the application does not properly verify CSRF tokens for the save action in this script.
An attacker can exploit this by creating a malicious HTML page that automatically sends a forged POST request to the vulnerable endpoint.
If an authenticated administrator visits this malicious page, the attacker can create arbitrary scheduled tasks without the administrator's consent. [2]
How can this vulnerability impact me?
This vulnerability allows an attacker to remotely create unauthorized scheduled tasks in the context of an authenticated administrator.
Such unauthorized scheduled tasks may lead to further security risks depending on how the scheduled tasks are configured on the affected system.
The attack requires the administrator to be authenticated and to visit a malicious page controlled by the attacker.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a Cross-Site Request Forgery (CSRF) in the /sys_task_add.php script of DedeCMS v5.7.118, where unauthorized scheduled tasks can be created if an authenticated administrator visits a malicious page.
To detect exploitation attempts on your system or network, you can monitor HTTP POST requests to the /dede/sys_task_add.php endpoint, especially those that create or modify scheduled tasks.
Suggested commands to detect suspicious activity include:
- Using web server logs (e.g., Apache or Nginx) to search for POST requests to /dede/sys_task_add.php: `grep 'POST /dede/sys_task_add.php' /var/log/nginx/access.log`
- Checking for unusual or unexpected scheduled tasks created around the time of suspicious requests.
- Using network monitoring tools (e.g., tcpdump or Wireshark) to capture and analyze HTTP traffic targeting /dede/sys_task_add.php. [2]
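The grep above lists every POST to the endpoint, including the administrator's own legitimate saves. A CSRF request is sent by the victim's browser from another site, so the useful triage signal in the combined access-log format is the Referer field: a same-site Referer is the normal case, a foreign Referer is a strong cross-site indicator, and an empty Referer needs manual review (referrer policies can strip it). The following script is an added example, not part of this CVE record or of DedeCMS; the host cms.example.com and the log lines are constructed assumptions, and the log format is the default Nginx/Apache "combined" format.

```python
import re
from urllib.parse import urlparse

# Assumed hostname of the DedeCMS backend (replace with the real one).
SITE_HOST = "cms.example.com"
TARGET_PATH = "/dede/sys_task_add.php"

# Default "combined" log format used by Nginx and Apache:
# ip - user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def classify(line):
    """Return None for lines that are not POSTs to the target path,
    otherwise a record with a triage verdict derived from the Referer."""
    m = LOG_RE.match(line)
    if not m:
        return None
    if m["method"] != "POST" or m["path"].split("?", 1)[0] != TARGET_PATH:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        # Absent Referer: could be a referrer policy, could be a stripped cross-site request.
        verdict = "review: no Referer on a state-changing POST"
    else:
        ref_host = urlparse(referer).hostname or ""
        if ref_host == SITE_HOST:
            verdict = "ok: same-site Referer"
        else:
            verdict = f"suspect: cross-site Referer from {ref_host}"
    return {"ip": m["ip"], "time": m["time"], "status": m["status"],
            "referer": referer, "verdict": verdict}


def scan(lines):
    """Run classify() over an iterable of log lines and keep only the hits."""
    return [r for r in (classify(l) for l in lines) if r is not None]


# Constructed sample log lines (not real traffic); the last line is deliberately malformed.
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Mar/2026:10:14:58 +0000] "GET /dede/sys_task_add.php HTTP/1.1" 200 5120 '
    '"https://cms.example.com/dede/index.php" "Mozilla/5.0"',
    '203.0.113.5 - - [24/Mar/2026:10:15:01 +0000] "POST /dede/sys_task_add.php HTTP/1.1" 302 0 '
    '"https://cms.example.com/dede/sys_task_add.php" "Mozilla/5.0"',
    '203.0.113.5 - - [24/Mar/2026:10:31:44 +0000] "POST /dede/sys_task_add.php HTTP/1.1" 302 0 '
    '"https://attacker.example/lure.html" "Mozilla/5.0"',
    '203.0.113.5 - - [24/Mar/2026:10:32:10 +0000] "POST /dede/sys_task_add.php?dopost=save HTTP/1.1" 302 0 '
    '"-" "Mozilla/5.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]} status={hit["status"]} -> {hit["verdict"]}')
```

Run it against the real file with `scan(open("/var/log/nginx/access.log"))`; a "suspect" hit is worth correlating with the scheduled-task list from the second bullet above, while "review" hits need a look at the client's usual referrer behaviour before drawing conclusions.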
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Restrict access to the /dede/sys_task_add.php script to trusted administrators only, ideally by IP address or VPN.
- Ensure that administrators do not visit untrusted or suspicious websites while authenticated to the DedeCMS backend.
- Implement or enforce CSRF protection mechanisms such as verifying CSRF tokens on all sensitive POST requests if possible.
- Monitor and audit scheduled tasks regularly to detect any unauthorized creations.
- Update DedeCMS to a version where this vulnerability is patched once available.
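The third mitigation bullet, verifying a CSRF token on the sensitive save request, is the fix that actually removes the weakness; the others reduce exposure. The following is an added example of a synchronizer-token check combined with an Origin/Referer check, written in Python for illustration rather than taken from DedeCMS (which is PHP) or from this record. The allowed origin https://cms.example.com and the session/form dictionaries standing in for the web framework are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Assumed scheme://host of the CMS backend; browsers send this as Origin on cross-site POSTs.
ALLOWED_ORIGIN = "https://cms.example.com"


def issue_csrf_token(session):
    """Create one unpredictable token per session and reuse it; the form
    embeds it as a hidden field so only same-site pages can read it."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def _origin_ok(headers):
    """First line of defence: the request must come from our own origin.
    Origin is preferred; Referer is the fallback; neither present means reject."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        p = urlparse(referer)
        origin = f"{p.scheme}://{p.netloc}"
    return origin == ALLOWED_ORIGIN


def is_save_allowed(session, headers, form):
    """Gate for the 'save' action: both the origin check and the token check
    must pass. compare_digest avoids leaking the token through timing."""
    if not _origin_ok(headers):
        return False
    expected = session.get("csrf_token")
    submitted = form.get("token", "")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


if __name__ == "__main__":
    # Constructed walk-through: an admin session, a legitimate save, and a forged one.
    session = {}
    token = issue_csrf_token(session)
    legit = is_save_allowed(session, {"Origin": ALLOWED_ORIGIN}, {"token": token})
    # A page on another site cannot read the token, so its forged POST carries none.
    forged = is_save_allowed(session, {"Origin": "https://attacker.example"}, {"task": "x"})
    print("legitimate save allowed:", legit)   # True
    print("forged cross-site save allowed:", forged)  # False
```

The token must be compared with a constant-time function and must never be sent in a cookie alone (a cookie is exactly what the victim's browser attaches automatically). Rejecting requests with neither Origin nor Referer is deliberate for an administrative state-changing action; a framework may choose to log such requests instead if legitimate clients are known to strip both.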