A vulnerability categorized as problematic has been discovered in funadmin up to 7.1.0-rc4. It affects the function getMember in the file app/common/service/AuthCloudService.php of the component Backend Endpoint. Manipulating the argument cloud_account results in deserialization.

This vulnerability was named CVE-2026-2898. The attack can be performed remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.
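
A log-triage check for the cloud_account argument described above, added here as an example (it is not funadmin code and not part of the advisory): it flags values that decode to PHP serialized data. The log layout, the sample lines, and the assumption that the value is logged percent-encoded in a query string or cookie field are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: the value is logged percent-encoded, in the query string or a cookie field.
PARAM = re.compile(r'(?<!\w)cloud_account=([^&;\s"]+)')
# PHP serialize() object tokens: O:<len>:"Class":<count>:{ or C:<len>:"Class":<len>:{
OBJECT = re.compile(r'(?:^|[;{])[OC]:\+?\d+:"[^"]+":\d+:\{')
# Other serialized values (array, string, int, bool, null) with no object inside.
OTHER = re.compile(r'^(?:a:\d+:\{|s:\d+:"|i:-?\d+;|b:[01];|N;)')
MAX_DECODE_ROUNDS = 3  # peel nested percent-encoding, but stay bounded
SEVERITY = {"clean": 0, "serialized": 1, "object": 2}

def classify(value):
    """Return 'object', 'serialized' or 'clean' for one cloud_account value."""
    for _ in range(MAX_DECODE_ROUNDS + 1):
        if OBJECT.search(value):
            return "object"
        if OTHER.match(value):
            return "serialized"
        decoded = unquote(value)
        if decoded == value:  # nothing left to decode
            break
        value = decoded
    return "clean"

def scan(lines):
    """Return (line_number, verdict) for every line with a suspicious value."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdicts = [classify(m.group(1)) for m in PARAM.finditer(line)]
        worst = max(verdicts, key=SEVERITY.get, default="clean")
        if worst != "clean":
            hits.append((number, worst))
    return hits

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 "GET /backend/member?cloud_account=alice%40example.com HTTP/1.1" 200',
    '198.51.100.9 "POST /backend/member HTTP/1.1" 200 '
    'cookie="cloud_account=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D; sid=1"',
    '198.51.100.9 "GET /backend/member?cloud_account=a%253A1%253A%257Bi%253A0%253BO'
    '%253A8%253A%2522stdClass%2522%253A0%253A%257B%257D%257D HTTP/1.1" 200',
    '198.51.100.7 "GET /backend/member?cloud_account=s%3A5%3A%22alice%22%3B HTTP/1.1" 200',
    '198.51.100.7 "GET /backend/index HTTP/1.1" 200',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: cloud_account carries {verdict} data")
```

An "object" verdict means the value contains a serialized PHP object token, which has no legitimate reason to appear in an account identifier; "serialized" marks values worth a manual look.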