CVE-2026-24728
Interinfo DreamMaker <2025/10/22 - Auth Bypass
Title source: llmDescription
A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authentication.
References (1)
Scores
EPSS
0.0028
EPSS Percentile
51.1%
Classification
CWE
CWE-306
Status
draft
Timeline
Published
Jan 30, 2026
Tracked Since
Feb 18, 2026