PT-2026-21468 · Qinming99 · Dst-Admin
Xcxr
·
Published
2026-02-22
·
Updated
2026-02-25
·
CVE-2026-2957
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
qinming99 dst-admin versions up to 1.5.0
Description
A flaw exists in qinming99 dst-admin that can lead to a denial of service. This issue is related to the
deleteBackup function within the BackupController.java file located in the src/main/java/com/tugos/dst/admin/controller directory, part of the File Handler component. The attack can be initiated remotely, and details about the exploit are publicly available. The vendor was notified but did not respond.Recommendations
Versions prior to 1.5.1 should be updated. As a temporary workaround, consider restricting access to the
deleteBackup() function until a patch is available.Exploit
Fix
DoS
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dst-Admin