CVE-2026-10073
Arbitrary File Read via Relative Path Traversal in DreamMaker
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| interinfo | dreammaker | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-23 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The vulnerability allows unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files in DreamMaker by Interinfo.
No specific mitigation steps or patches are provided in the available resources for CVE-2026-10073.
Can you explain this vulnerability to me?
The vulnerability in DreamMaker developed by Interinfo is an Arbitrary File Read issue. It allows unauthenticated local attackers to exploit a Relative Path Traversal flaw to download arbitrary system files.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to read sensitive system files without authentication. This could lead to exposure of confidential information, potentially compromising system security and privacy.