CVE-2026-2956

MEDIUM

qinming99 dst-admin <=1.5.0 - Command Injection

Title source: llm

Description

A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Scores

CVSS v3 6.3
EPSS 0.0035
EPSS Percentile 57.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE
CWE-74 CWE-77
Status published

Affected Products (1)

dst-admin_project/dst-admin < 1.5.0

Timeline

Published Feb 22, 2026
Tracked Since Feb 23, 2026