A vulnerability categorized as critical has been discovered in DedeCMS 5.7.118. Affected by this vulnerability is the function
ExtractFile of the file include/zip.class.php of the component Album Publishing Feature. The manipulation of the argument filename results in path traversal.
This vulnerability is identified as CVE-2026-15700. The attack can be executed remotely. Additionally, an exploit exists.