CVE-2026-30643 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 3, 2026
DedeCMS - Remote Code Execution
Published: April 1, 2026Updated: April 3, 2026Remote Exploitable
Overview
DedeCMS 5.7.118 contains a remote code execution caused by crafted setup tag values in a module upload, letting attackers execute arbitrary code remotely, exploit requires module upload capability.
Severity & Score
Severity: Critical
CVSS Score: 9.8
EPSS Score: 7.8%(Probability of exploitation in next 30 days)
Impact
Attackers can execute arbitrary code remotely, potentially leading to full system compromise.
Mitigation
Update to the latest version of DedeCMS.
Social Media Activity(1 post)
TheHackerWire
@thehackerwire
š“ CVE-2026-30643 - Critical (9.8) An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload. š https://www.thehackerwire.com/vulnerability/CVE-2026-30643/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-30643
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- command_injection
- Status
- unconfirmed
- EPSS
- 7.8%
- Social Posts
- 1
CWE
- CWE-94
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
7.8%Probability of exploitation in the next 30 days