CVE-2026-5529: Lamp-Cloud Improper Auth (5.8.0-5.8.1)
Platform
php
Component
lamp-cloud
CVE-2026-5529 is an improper authorization vulnerability identified in Dromara lamp-cloud versions 5.8.0 through 5.8.1. This flaw allows a remote attacker to manipulate the pageUser function within the DefUserController component, potentially gaining unauthorized access. The vulnerability is publicly known and exploitable, impacting systems running the affected versions. Currently, no official patch has been released to address this issue.
How to fix
Actualice lamp-cloud a una versión corregida. El proyecto Dromara ha sido notificado del problema, pero aún no ha proporcionado una solución. Consulte las fuentes de referencia para obtener más información y posibles soluciones alternativas.
Frequently asked questions
What is CVE-2026-5529?
CVE-2026-5529 is a vulnerability in Dromara lamp-cloud versions 5.8.0–5.8.1 that allows attackers to bypass authorization controls through manipulation of the pageUser function. This can lead to unauthorized access to resources.
Am I affected by CVE-2026-5529?
You are potentially affected if you are running Dromara lamp-cloud versions 5.8.0 or 5.8.1. The vulnerability is remotely exploitable and the exploit is public.
How can I fix or mitigate CVE-2026-5529?
As of now, no official patch is available for CVE-2026-5529. Consider implementing compensating controls, such as stricter access controls and regular security audits, until a patch is released.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free