CVE-2026-11621 | Dcat-Admin up to 2.2.3-beta User Setting Page upload editorMDUpload editormd-image-file unrestricted upload

A vulnerability identified as critical has been detected in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload.

This vulnerability is handled as CVE-2026-11621. The attack can be initiated remotely. Additionally, an exploit exists.VulDB Recent EntriesRead More