CVE-2026-10550
MEDIUMelunez eladmin Application Deployment App.java command injection
Title source: cnaDescription
A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
References (6)
Core 6
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-367646 | elunez eladmin Application Deployment App.java command injection
https://vuldb.com/vuln/367646
Signature, Permissions Required signature
permissions-required
VDB-367646 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/367646/cti
Third Party Advisory third-party-advisory
CVE-2026-10550 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10550
Third Party Advisory third-party-advisory
Submit #828507 | elunez eladmin <= v2.7 (2026.04.21) Command Injection
https://vuldb.com/submit/828507
Exploit exploit
issue-tracking
https://github.com/elunez/eladmin/issues/899
Product product
https://github.com/elunez/eladmin/
Scores
CVSS v3
6.3
EPSS
0.0107
EPSS Percentile
60.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-74
CWE-77
Status
published
Products (8)
elunez/eladmin
2.0
elunez/eladmin
2.1
elunez/eladmin
2.2
elunez/eladmin
2.3
elunez/eladmin
2.4
elunez/eladmin
2.5
elunez/eladmin
2.6
elunez/eladmin
2.7
Published
Jun 02, 2026
Tracked Since
Jun 02, 2026