CVE-2026-11621
Received - Intake
Unrestricted File Upload in Dcat-Admin up to 2.2.3-beta

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: VulDB

Description
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Meta Information
Published: 2026-06-09
Last Modified: 2026-06-09
Generated: 2026-06-09
AI Q&A: 2026-06-09
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE ID: Description
CWE-284: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-434: The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Executive Summary

This vulnerability exists in Dcat-Admin up to version 2.2.3-beta, specifically in the editorMDUpload function of the /admin/dcat-api/editor-md/upload file within the User Setting Page component.

The issue is caused by manipulation of the argument editormd-image-file, which leads to unrestricted file upload.

An attacker can exploit this vulnerability remotely, and the exploit code has been publicly disclosed.

Impact Analysis

The unrestricted file upload vulnerability allows an attacker to upload arbitrary files to the server.

This can lead to potential compromise of the system, including executing malicious code, defacing the website, or gaining unauthorized access.

Because the attack can be initiated remotely, exploitation does not require physical access, which increases the risk.
