DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoor…

DreamMaker developed by Interinfo contains an Arbitrary File Upload vulnerability that allows unauthenticated remote attackers to upload and execute web shell backdoors on the server. This vulnerability enables arbitrary code execution without authentication, posing a critical security risk. The vulnerability has been assigned CVE-2026-10071 and is documented by Taiwan's TWCERT. Remote attackers can exploit this flaw to gain unauthorized access and control over affected systems. The high severity rating indicates this vulnerability poses significant risk to organizations using DreamMaker software.