CVE-2026-10072: Interinfo|DreamMaker - Arbitrary File Upload
DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
HarborGuard Analysis
Synopsis
Arbitrary file upload in Interinfo DreamMaker lets an authenticated remote attacker upload a web shell and execute arbitrary code on the server. The bug is reachable over the network and requires high-privilege credentials, with no victim interaction needed; successful exploitation yields full read and write access to, and disruption of, the affected service. No upstream fix has been published, and HarborGuard tracks the advisory for patch availability.
HarborGuard Coverage
- Detection: Available
Detection is available across every HarborGuard environment, with the CVE ingested from upstream feeds within minutes of publication and matched against images in customer registries and pipelines. Coverage extends to custom-built images, so internally produced DreamMaker images are flagged the same way as vendor-sourced ones.
- Triage: Available
Triage is available using the published CVSS v4 score of 8.6 (High), weighted against each customer's compliance policy so that internet-exposed or production-tagged workloads escalate ahead of isolated ones. Findings route to the appropriate inbox inside each customer org based on image ownership and workload tags.
- Fix: Pending upstream
No upstream fix has been published for DreamMaker Java Composer 2.2 or earlier, so HarborGuard re-checks the advisory each ingest cycle. A patched-image rebuild will become available the moment the vendor ships a fix, and customers with auto-remediation enabled will get the rebuild, a regression-test run, and a PR opened against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The attacker must reach the DreamMaker upload endpoint over the network (AV:N).
- Authentication: Required
A high-privilege administrative account is needed to invoke the vulnerable upload path (PR:H).
- Victim interaction: Not required
No user action is required; the attacker drives the upload directly (UI:N).
- Attack complexity: Low
Attack complexity is low, meaning the exploit is reliable once credentials are obtained (AC:L).
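The four exploit-condition rows above and the triage ordering described under HarborGuard Coverage are both derived from the advisory's CVSS v4.0 vector. As an added example (not HarborGuard's or Interinfo's code), the script below parses that vector string, validates the eleven mandatory base metrics, renders the same exploit-condition rows, and sorts a set of constructed findings so internet-exposed and production-tagged workloads escalate first. The tag names `internet-exposed` and `production`, the sample image names, and the escalation weighting are assumptions made for this example, not HarborGuard's actual policy.

```python
"""Added example (not HarborGuard's or Interinfo's code): decode a CVSS v4.0
vector string and derive the exploit-condition summary and a triage order."""
import re

# Vector copied from the advisory's Metrics section.
ADVISORY_VECTOR = "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"

# The eleven mandatory base metrics of CVSS v4.0 and their permitted values.
BASE_METRICS = {
    "AV": ("N", "A", "L", "P"), "AC": ("L", "H"), "AT": ("N", "P"),
    "PR": ("N", "L", "H"), "UI": ("N", "P", "A"),
    "VC": ("H", "L", "N"), "VI": ("H", "L", "N"), "VA": ("H", "L", "N"),
    "SC": ("H", "L", "N"), "SI": ("H", "L", "N"), "SA": ("H", "L", "N"),
}

# Wording for the exploit-condition rows, keyed by metric and value.
CONDITION_TEXT = {
    "AV": {"N": "Network reachability: Required", "A": "Adjacent network access: Required",
           "L": "Local access: Required", "P": "Physical access: Required"},
    "PR": {"N": "Authentication: Not required", "L": "Authentication: Required (low privilege)",
           "H": "Authentication: Required (high privilege)"},
    "UI": {"N": "Victim interaction: Not required", "P": "Victim interaction: Passive",
           "A": "Victim interaction: Active"},
    "AC": {"L": "Attack complexity: Low", "H": "Attack complexity: High"},
}

# Constructed sample findings: the same CVE on three differently tagged workloads.
SAMPLE_FINDINGS = [
    {"image": "internal/dreammaker:lab", "score": 8.6, "tags": ["isolated"]},
    {"image": "internal/dreammaker:web", "score": 8.6, "tags": ["internet-exposed", "production"]},
    {"image": "internal/dreammaker:staging", "score": 8.6, "tags": ["production"]},
]


def parse_cvss4_vector(vector):
    """Split a vector into a metric -> value dict; raise ValueError if malformed."""
    parts = vector.split("/")
    if parts[0] != "CVSS:4.0":
        raise ValueError("not a CVSS v4.0 vector: %r" % vector)
    metrics = {}
    for part in parts[1:]:
        m = re.fullmatch(r"([A-Z]{1,3}):([A-Za-z]+)", part)
        if m is None:
            raise ValueError("malformed metric %r" % part)
        key, value = m.groups()
        if key in metrics:
            raise ValueError("duplicate metric %r" % key)
        metrics[key] = value
    # Every base metric must be present with a permitted value; threat,
    # environmental and supplemental metrics are optional and passed through.
    for key, allowed in BASE_METRICS.items():
        if key not in metrics:
            raise ValueError("missing base metric %r" % key)
        if metrics[key] not in allowed:
            raise ValueError("bad value %r for %s" % (metrics[key], key))
    return metrics


def is_valid_cvss4_vector(vector):
    """True when the vector parses and carries all base metrics."""
    try:
        parse_cvss4_vector(vector)
        return True
    except ValueError:
        return False


def exploit_conditions(metrics):
    """The four rows under 'Exploit Conditions', in the advisory's order."""
    return [CONDITION_TEXT[k][metrics[k]] for k in ("AV", "PR", "UI", "AC")]


def vulnerable_system_impact(metrics):
    """'full' when confidentiality, integrity and availability impact are all High."""
    levels = {metrics["VC"], metrics["VI"], metrics["VA"]}
    if levels == {"H"}:
        return "full"
    if levels == {"N"}:
        return "none"
    return "partial"


def triage_order(findings):
    """Escalation order: internet-exposed first, then production-tagged, then by
    score. This weighting is an assumption for the example, not HarborGuard's."""
    def key(finding):
        tags = set(finding["tags"])
        return ("internet-exposed" not in tags, "production" not in tags, -finding["score"])
    return sorted(findings, key=key)


if __name__ == "__main__":
    metrics = parse_cvss4_vector(ADVISORY_VECTOR)
    for row in exploit_conditions(metrics):
        print(row)
    print("impact on vulnerable system:", vulnerable_system_impact(metrics))
    for finding in triage_order(SAMPLE_FINDINGS):
        print("escalate:", finding["image"])
```

Run it directly to print the exploit-condition rows and the escalation order; a CVSS v3.1 vector, a vector missing a base metric, or one with a duplicated metric is rejected by `parse_cvss4_vector`, while optional threat metrics such as `E:P` are accepted.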
Blast Radius
- Writes attacker-controlled files into the application directory and executes them as a web shell.
- Reads any data the DreamMaker service can access, including application config and stored records.
- Modifies or deletes server-side files and persisted data through the resulting code execution.
- Disrupts or fully takes over the affected service host, since the shell runs in the application's process context.
How HarborGuard Handles This
Available on HarborGuard: continuous monitoring of the TWCERT advisory for DreamMaker, with the CVE matched against affected images in customer registries on every scan cycle. Until Interinfo publishes a fix, compensating controls are surfaced in the finding: restricting network reachability to the admin upload endpoint (network policy or VPN-only access), tightening privileged account scope so that PR:H is harder to satisfy, and egress filtering to limit the usefulness of any installed shell. The moment an upstream fix lands, a patched-image rebuild becomes available, and environments with auto-remediation enabled get a rebuild, a regression run, and a PR opened against affected workloads automatically.
Metrics
- CVSS v4.0: 8.6
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
- Interinfo / DreamMaker: ≤ Java Composer 2.2
- CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N