CVE-2026-10295
Denial of Service in Customer Review App
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sourcecodester | customer_review_app | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the SourceCodester Customer Review App 1.0, specifically in the functions add_review, save_review, and get_all_reviews within the file review_app.py.
It occurs when an attacker manipulates the arguments 'name' or 'comment' passed to these functions, which can lead to a denial of service condition.
The attack requires local access to the system, meaning the attacker must have some level of local privileges to exploit it.
The exploit for this vulnerability has been made public.
How can this vulnerability impact me?
Exploiting this vulnerability can cause a denial of service (DoS) in the affected application.
This means that legitimate users may be unable to use the review functions of the application, potentially disrupting normal operations.
Since the attack requires local access, the impact is limited to users or attackers who already have some level of local system access.