CVE-2026-5529: Lamp-Cloud Improper Auth (5.8.0-5.8.1)
Plattform
php
Komponente
lamp-cloud
CVE-2026-5529 is an improper authorization vulnerability identified in Dromara lamp-cloud versions 5.8.0 through 5.8.1. This flaw allows a remote attacker to manipulate the /defUser/pageUser function within the DefUserController component, potentially leading to unauthorized access and privilege escalation. The vulnerability is publicly known and exploitable, impacting systems running the affected versions. Currently, no official patch has been released to address this issue.
So beheben
Kein offizieller Patch verfügbar. Prüfe auf Workarounds oder überwache auf Updates.
Häufig gestellte Fragen
What is CVE-2026-5529?
CVE-2026-5529 is a vulnerability in Dromara lamp-cloud versions 5.8.0-5.8.1 that allows attackers to bypass authorization controls through manipulation of the /defUser/pageUser function. This can lead to unauthorized access.
Am I affected by CVE-2026-5529?
You are potentially affected if you are running Dromara lamp-cloud version 5.8.0 or 5.8.1. The vulnerability is remotely exploitable and the exploit is publicly available.
How can I fix or mitigate CVE-2026-5529?
As of now, no official patch is available for CVE-2026-5529. Monitor the Dromara lamp-cloud project for updates and consider implementing compensating controls to restrict access to the /defUser/pageUser endpoint until a fix is released.
Abhängigkeiten automatisch überwachen
Werde benachrichtigt, wenn neue Schwachstellen deine Projekte betreffen. Für immer kostenlos.
Kostenlos starten