CVE-2026-10074: DreamMaker Arbitrary File Read Vulnerability (MEDIUM)
DreamMaker, a product developed by Interinfo, contains a vulnerability that allows authenticated administrators or privileged users with local access to read arbitrary files from the system. An attacker with elevated privileges can exploit a path traversal flaw to access sensitive system files they shouldn't normally be able to retrieve, potentially exposing configuration data, credentials, or other protected information.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 4.9 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- Weaknesses (CWE)
- CWE-23
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-05-29 / 2026-06-17
NVD description (verbatim)
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files.
2 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-10074 is a relative path traversal vulnerability (CWE-23) in DreamMaker that permits privileged local attackers to perform arbitrary file read operations. The vulnerability stems from insufficient validation of user-supplied file paths, enabling traversal beyond intended directory boundaries. The CVSS 3.1 score of 4.9 (MEDIUM severity) reflects a network-accessible attack vector with high confidentiality impact but no integrity or availability impact, and it requires high-level privileges to exploit.
Business impact
While exploitation requires authenticated administrative access, successful attacks could compromise sensitive data stored on affected systems—including configuration files, application secrets, or system-level credentials. In multi-tenant or shared environments, this could lead to lateral movement or escalation if stolen credentials are reused. The confidentiality breach may also trigger compliance reporting obligations depending on the nature and volume of data exposed.
Affected systems
DreamMaker products developed by Interinfo are affected. Organizations running DreamMaker in environments where local administrative access is distributed across teams, contractors, or less-trusted users face elevated risk. The vulnerability requires network accessibility and authenticated high-privilege access, limiting exposure to internal or closely-controlled deployment scenarios.
Exploitability
Exploitation is straightforward once an attacker has authenticated with high privileges; no complex techniques or additional vulnerabilities are required. However, the attack surface is limited by the requirement for local network access and high-level account credentials. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, suggesting no widespread active exploitation has been publicly disclosed as of the latest update.
Remediation
Organizations should immediately identify all systems running DreamMaker and verify their current version against Interinfo's security advisories for available patches or updates. If patches are available, prioritize deployment in environments where administrative access is widely distributed or where sensitive files are stored. Until patching is feasible, restrict local network access and limit the scope of high-privilege accounts to principle-of-least-privilege.
Patch guidance
Contact Interinfo directly or consult their official security advisory to determine patched versions and obtain updates. Apply patches through your organization's standard change management process, testing in non-production environments first. If Interinfo has not yet released a patch, request an expected timeline and interim mitigations. Document the patching process and verify successful remediation post-deployment.
Detection guidance
Monitor for unusual file access patterns by high-privilege accounts, particularly any access to system files or configuration directories outside normal operational workflows. Log and alert on file read operations that traverse parent directories or use path patterns consistent with directory traversal (e.g., '../' sequences in file path requests). Correlation of such activity with DreamMaker process execution would strengthen detection fidelity.
Why prioritize this
Although the CVSS score is MEDIUM and the vulnerability requires high privileges, the confidentiality risk justifies near-term attention. The combination of local network access requirement and high-privilege prerequisite means this is primarily a risk in environments with distributed administrative responsibility or where administrator accounts may be compromised. Organizations with strict access controls and single-operator systems face lower immediate risk but should still remediate to close a potential escalation vector.
Risk score, explained
The CVSS 3.1 score of 4.9 reflects high confidentiality impact (C:H) against a backdrop of network accessibility (AV:N), low attack complexity (AC:L), and no impact on integrity or availability. The requirement for high privileges (PR:H) constrains the score significantly, as this prerequisite substantially narrows the attack surface compared to an unauthenticated or low-privilege variant of the same flaw.
Frequently asked questions
Does this vulnerability allow remote code execution or system compromise?
No. CVE-2026-10074 is limited to arbitrary file read; it does not permit code execution, privilege escalation, or modification of system files. The impact is confidentiality-focused, though stolen credentials or configuration data could facilitate secondary attacks.
Is this vulnerability actively being exploited in the wild?
As of the latest update, this vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating no confirmed widespread active exploitation has been publicly disclosed. However, the vulnerability may still be exploited in targeted scenarios or private campaigns.
What should we do if we cannot patch immediately?
Implement compensating controls: restrict local network access to DreamMaker systems, audit and reduce the number of high-privilege accounts, disable unnecessary administrative features, and enhance monitoring for suspicious file access patterns. Establish a firm patching timeline and escalate resource constraints preventing timely remediation.
How do I know which files are at risk of being read?
Any file readable by the DreamMaker process or the user account running it is potentially accessible via this vulnerability. This typically includes application configuration files, log files, and system files in shared directories. Review your DreamMaker deployment documentation and file permissions to identify which sensitive assets may be exposed.
This analysis is provided for informational purposes and is based on data available as of the publication and modification dates. Vendor advisories and patch information should be independently verified with Interinfo's official security channels. Organizations should conduct their own risk assessments based on their specific deployment configurations and threat models. SEC.co makes no warranties regarding the completeness or accuracy of third-party vendor information and recommends consulting official vendor documentation before implementing any remediation steps. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2025-48977MEDIUMApache Ignite REST API Path Traversal – Authenticated File Read Vulnerability
- CVE-2025-41271HIGHWaterfall WF-500 Path Traversal – Arbitrary File Read Vulnerability
- CVE-2025-41280HIGHWaterfall WF-500 RX Host Path Traversal (Zip Slip) Code Execution Vulnerability
- CVE-2026-10073HIGHDreamMaker Arbitrary File Read via Relative Path Traversal
- CVE-2018-25384MEDIUMStored XSS in Wikidforum 2.20 Allows Authenticated Attackers to Inject Malicious Scripts
- CVE-2018-25387MEDIUMHaPe PKH 1.1 Cross-Site Request Forgery (CSRF) Admin Password Reset
- CVE-2018-25393MEDIUMNavigate CMS 2.8.5 Path Traversal Vulnerability (CVSS 6.5)
- CVE-2018-25397MEDIUMCSRF Vulnerability in PHP-SHOP 1.0 – Admin Account Injection