CRITICALCVE-2026-24729Published 2026-01-30Modified 2026-01-30CNA ZUSO ART

CVE-2026-24729: Interinfo DreamMaker - Unrestricted Upload of File with Dangerous Type

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file.

CVSS v4.0: 10.0
Severity: CRITICAL
Fixed in: 2025/10/22
Affected Products: 1

Fix available

2025/10/22

Affected packages

Internet Information Co., Ltd / DreamMaker
< 2025/10/22 (from 0)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

References

zuso.ai

Metrics

Fix available