CVE-2026-2898 | funadmin up to 7.1.0-rc4 Backend Endpoint AuthCloudService.php getMember cloud_account deserialization

A vulnerability categorized as problematic has been discovered in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloud_account results in deserialization.

This vulnerability was named CVE-2026-2898. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2898 | funadmin up to 7.1.0-rc4 Backend Endpoint AuthCloudService.php getMember cloud_account deserialization

Post correlati

CVE-2023-49469 | Shaarli 0.12.2 Search Tag cross site scripting (Issue 2038)

CVE-2023-37530 | HCL BigFix Platform up to 9.5.23/10.0.10 Web Reports cross site scripting (KB0110209)

CVE-2023-45873 | Couchbase Server up to 7.2.2 denial of service

CVE-2022-48796 | Linux Kernel up to 5.10.100/5.15.23/5.16.9 iommu dev_iommu_free use after free