PT-2026-26326 · Dedecms · Dedecms

Jacobjacob

Published

2026-03-19

Updated

2026-03-23

CVE-2026-30694

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DedeCMS versions prior to 5.7.119

Description A flaw exists in DedeCMS that allows a remote attacker to execute arbitrary code through the array filter component. The issue does not require authentication.

Recommendations Update to version 5.7.119 or later.

Exploit

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2026-30694

Affected Products

Dedecms

PT-2026-26326 · Dedecms · Dedecms

CVE-2026-30694

Weakness Enumeration

Related Identifiers

Affected Products

References · 6