CVE-2026-29839

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.118

Description The software contains a Cross-Site Request Forgery (CSRF) issue in the /sys task add.php file. A Cross-Site Request Forgery attack allows an attacker to induce a user to perform unwanted actions on a web application in which they’re currently authenticated. The vulnerable file is /sys task add.php.

Recommendations Update to a newer version of DedeCMS that addresses this issue. As a temporary workaround, consider implementing CSRF protection mechanisms for the /sys task add.php endpoint.