PT-2026-21468 · Qinming99 · Dst-Admin
Xcxr · Published 2026-02-22 · Updated 2026-02-25 · CVE-2026-2957
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
qinming99 dst-admin versions up to 1.5.0
Description
A flaw exists in qinming99 dst-admin that can lead to a denial of service. This issue is related to the deleteBackup function within the BackupController.java file located in the src/main/java/com/tugos/dst/admin/controller directory, part of the File Handler component. The attack can be initiated remotely, and details about the exploit are publicly available. The vendor was notified but did not respond.
Recommendations
Versions prior to 1.5.1 should be updated. As a temporary workaround, consider restricting access to the deleteBackup() function until a patch is available.
Exploit
Fix
DoS
Improper Resource Release
Affected products
Dst-Admin