PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-10075 Interinfo CVE debrief

A path traversal vulnerability in DreamMaker, developed by Interinfo, allows unauthenticated remote attackers to read file names under arbitrary paths via absolute path traversal. The vulnerability is classified as CWE-36 (Absolute Path Traversal) and carries a CVSS 4.0 score of 6.9 (Medium severity). The issue was disclosed on May 29, 2026, with advisory sources from Taiwan's TW-CERT. No known exploitation in ransomware campaigns has been reported, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

Vendor: Interinfo
Product: DreamMaker
CVSS: MEDIUM 6.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-29
Original CVE updated: 2026-05-29
Advisory published: 2026-05-29
Advisory updated: 2026-05-29

Who should care

Organizations running DreamMaker software should prioritize assessment and patching. Security teams should monitor for exploitation attempts targeting path traversal vulnerabilities. Developers working with file system operations in web applications should review input validation practices. Incident response teams should include this CVE in threat intelligence monitoring given its network-exploitable, unauthenticated nature.

Technical summary

The vulnerability exists in DreamMaker, a software product developed by Interinfo. An unauthenticated remote attacker can exploit an absolute path traversal weakness (CWE-36) to enumerate file names at arbitrary file system paths. The attack requires no privileges or user interaction and can be conducted over the network with low attack complexity. The confidentiality impact is rated low per CVSS 4.0, with no integrity or availability impact. The CVSS vector string is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N.

Defensive priority

medium

Recommended defensive actions

  • Review and apply security patches from Interinfo when available
  • Implement input validation and path sanitization for file system operations
  • Restrict file system access permissions to prevent unauthorized directory traversal
  • Monitor for anomalous file access patterns in DreamMaker deployments
  • Verify vendor attribution and product version details through official Interinfo channels
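
The path validation recommended above, shown as an added example (not DreamMaker or Interinfo code; the product's implementation is not described in this debrief): a directory-listing helper with the CWE-36 pattern beside a version that confines requests to a served root. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path, PureWindowsPath


def list_names_unsafe(base, requested):
    # CWE-36 pattern: os.path.join() discards `base` when `requested` is absolute,
    # so the caller chooses which directory gets listed.
    return sorted(os.listdir(os.path.join(base, requested)))


def list_names_safe(base, requested):
    base_real = Path(base).resolve(strict=True)
    # Reject absolute input in POSIX, drive-letter and UNC form, whatever the host OS.
    win = PureWindowsPath(requested)
    if os.path.isabs(requested) or win.drive or win.root:
        raise PermissionError("absolute paths are not accepted")
    # Resolve symlinks and ".." first, then confirm the result is still under base.
    target = (base_real / requested).resolve(strict=True)
    if target != base_real and base_real not in target.parents:
        raise PermissionError("path escapes the served directory")
    return sorted(os.listdir(target))


def demo():
    # Constructed sample tree: served/docs/a.txt is public, outside/secret.txt is not.
    with tempfile.TemporaryDirectory() as root:
        served, outside = Path(root, "served"), Path(root, "outside")
        (served / "docs").mkdir(parents=True)
        outside.mkdir()
        (served / "docs" / "a.txt").touch()
        (outside / "secret.txt").touch()

        def attempt(requested):
            try:
                return list_names_safe(str(served), requested)
            except PermissionError:
                return "PermissionError"

        return {
            "unsafe_absolute": list_names_unsafe(str(served), str(outside)),
            "safe_relative": attempt("docs"),
            "safe_absolute": attempt(str(outside)),
            "safe_dotdot": attempt("../outside"),
        }


if __name__ == "__main__":
    print(demo())
```

The containment check runs after resolution, so a symlink inside the served root that points elsewhere is rejected along with `..` sequences.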

Evidence notes

The vulnerability description and CVSS vector are sourced from the official NVD record. The CWE-36 classification and advisory links are attributed to TW-CERT as the primary source. Vendor identification remains under review due to low-confidence domain attribution in source metadata.

Official resources

The vulnerability was published in the NVD on May 29, 2026, at 14:16 UTC and subsequently modified at 15:11 UTC the same day. The disclosure originated from TW-CERT (Taiwan Computer Emergency Response Team), which published coordinated Chinese and English (