CVE-2026-10073 | Severity: HIGH | CNA: twcert

CVE-2026-10073: Interinfo|DreamMaker - Arbitrary File Read

DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files.

HarborGuard Analysis

Synopsis

An arbitrary file read vulnerability in Interinfo DreamMaker lets unauthenticated remote attackers use relative path traversal sequences to download arbitrary files from the host filesystem. The flaw is reachable over the network with no authentication and no user interaction, and successful exploitation discloses sensitive files such as configuration data, credentials, and application source. No fix version has been published; HarborGuard tracks the advisory and will surface a patched-image rebuild once the upstream fix lands.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE record is ingested from upstream feeds within minutes of publication and matched against images in customer registries and CI pipelines, including custom-built images that bundle DreamMaker Java Composer 2.2 or earlier.

Triage: Available

Triage is available with the published CVSS v4.0 score of 8.7 (High) weighted against each customer's compliance policy, and findings are routed to the appropriate security or application-owner inbox inside the customer organization.

Patch: Pending upstream

Because no upstream fix is published, HarborGuard re-checks the advisory on each ingest cycle and makes a patched-image rebuild available the moment Interinfo ships a corrected release; for customers with auto-remediation enabled, the rebuild then triggers a regression run and a PR against affected workloads.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the DreamMaker service over the network (AV:N). Note that the CNA description text says "local attackers" while the published vector says AV:N; plan on the service being exploitable from any network position that can reach it.

  • Authentication: Not required

    No credentials are needed; the endpoint accepts unauthenticated requests (PR:N).

  • Victim interaction: Not required

    No user action is needed; the attacker drives the entire exchange (UI:N).

  • Attack complexity: Low

    Attack complexity is low: the path traversal payload works reliably without environmental preconditions (AC:L, AT:N).

Blast Radius

  • Reads arbitrary files from the application host, including configuration files, credentials, private keys, and application source.
  • No integrity or availability impact is indicated by the CVSS vector (VI:N, VA:N); the bug is a pure disclosure primitive.
  • Stolen credentials and secrets can be reused to pivot into databases, internal APIs, or cloud accounts referenced by the leaked configuration.

How HarborGuard Handles This

Available on HarborGuard: continuous monitoring of the TWCERT advisory for a published fix, with the patched-image rebuild becoming available automatically on the next ingest cycle after Interinfo ships a corrected DreamMaker release. In the meantime, compensating-control guidance is surfaced for affected environments, including network-policy isolation of DreamMaker instances, egress and ingress filtering to restrict exposure to trusted networks, and WAF or reverse-proxy rules that block traversal sequences in request paths. For customers with auto-remediation enabled, the eventual upstream fix will trigger a rebuild, regression run, and PR opened against affected workloads without manual intervention.
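The following is an added example, not code from Interinfo, DreamMaker or HarborGuard, and it serves both the Exploit Conditions / Blast Radius discussion above and the compensating-control guidance in this paragraph. It shows the generic relative-path-traversal read pattern the advisory describes (a request-supplied filename joined to a download directory and opened as-is), the hardened resolver that canonicalizes and confines the path to the intended directory, and a request-path screen of the kind a reverse-proxy or WAF rule would apply, including percent-decoding so that `..%2f` and double-encoded `%252e%252e` variants are caught. The web root, file names, `file=` parameter and sample requests are constructed for illustration; nothing about the actual DreamMaker endpoint is assumed from the advisory.

```python
"""Path traversal read: vulnerable pattern, hardened resolver, and a
proxy/WAF-style request screen. Added example; the directory layout,
file names and request strings below are constructed, not from the
advisory or from the DreamMaker product."""
import os
import re
import tempfile
from typing import Optional
from urllib.parse import unquote


def vulnerable_read(base_dir: str, requested: str) -> bytes:
    """Vulnerable pattern: the request-supplied name is joined to the
    download directory and opened without checking where it resolves,
    so '../../app.properties' walks out of base_dir."""
    path = os.path.join(base_dir, requested)
    with open(path, "rb") as fh:
        return fh.read()


def safe_resolve(base_dir: str, requested: str) -> Optional[str]:
    """Hardened form: canonicalise both sides (realpath also resolves
    symlinks) and require the result to stay strictly inside base_dir.
    An absolute 'requested' makes os.path.join discard base_dir, but
    the containment check still rejects it. Returns None on escape."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if target == base or os.path.commonpath([base, target]) != base:
        return None
    return target


# A '..' segment: preceded by start of string or a separator-like char
# (/ \ = & ?), followed by a separator or end. 'img..png' does not match.
_DOTDOT = re.compile(r"(?<![^/\\=&?])\.\.(?=[/\\]|$)")


def is_traversal_attempt(raw_path: str, max_decode: int = 4) -> bool:
    """Screen a raw request path/query the way a reverse-proxy or WAF
    rule would: percent-decode until stable (bounded, to catch double
    and triple encoding such as %252e%252e%252f), fold backslashes to
    slashes, then look for a '..' path segment. Compensating control
    only: it does not replace the application-side check above."""
    decoded = raw_path
    for _ in range(max_decode):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    decoded = decoded.replace("\\", "/")
    return bool(_DOTDOT.search(decoded))


def demo() -> dict:
    """Build a constructed web root in a temp dir and show the vulnerable
    and hardened behaviour side by side on the same escape payload."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "www", "downloads")
        os.makedirs(root)
        with open(os.path.join(root, "manual.pdf"), "wb") as fh:
            fh.write(b"%PDF-constructed-sample")
        # Stands in for a config file two levels above the download dir.
        with open(os.path.join(tmp, "app.properties"), "wb") as fh:
            fh.write(b"db.password=constructed-secret")
        escape = "../../app.properties"
        return {
            "legit_allowed": safe_resolve(root, "manual.pdf") is not None,
            "vulnerable_leaks": vulnerable_read(root, escape),
            "hardened_blocks": safe_resolve(root, escape),
            "absolute_blocked": safe_resolve(root, "/etc/passwd"),
        }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
    for req in ("/download?file=manual.pdf",
                "/download?file=..%2f..%2fetc%2fpasswd",
                "/download?file=%252e%252e%252fetc%252fpasswd"):
        print(f"{req} -> traversal={is_traversal_attempt(req)}")
```

The resolver check is the actual fix: because `realpath` is applied to the joined path, symlinks inside the download directory that point outside it are caught as well, not just literal `..` segments. The request screen is what the network-policy and WAF guidance above amounts to; it buys time while no upstream fix exists, but it only sees encodings it knows how to decode, so it should be treated as a stopgap rather than the remediation.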


Metrics

  • CVSS v4.0 score: 8.7
  • Severity: HIGH
  • Fixed in: no fix version published
  • Affected products: 1
  • Affected packages:
      Interinfo / DreamMaker, ≤ DreamMaker Java Composer 2.2
  • CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N