LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-29839

CVE-2026-29839 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 25, 2026

DedeCMS - Cross-Site Request Forgery

Published: March 24, 2026Updated: March 25, 2026Remote Exploitable

Overview

DedeCMS v5.7.118 contains a cross-site request forgery vulnerability in /sys_task_add.php, letting attackers perform unauthorized actions, exploit requires victim interaction.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 1.3%(Probability of exploitation in next 30 days)

Impact

Attackers can perform unauthorized actions on behalf of authenticated users, potentially compromising system integrity.

Mitigation

Update to the latest version of DedeCMS.

References

Social Media Activity(1 post)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 24, 2026

šŸŸ  CVE-2026-29839 - High (8.8) DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-29839/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-29839
Severity
High
CVSS Score
8.8
Type
cross_site_request_forgery
Status
confirmed
EPSS
1.3%
Social Posts
1

CWE

  • CWE-352

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

1.3%Probability of exploitation in the next 30 days