CVE-2026-10550— elunez eladmin Application Deployment App.java command injection
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10550
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
elunez eladmin Application Deployment App.java command injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-10550
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10550
请登录查看更多情报信息。
Vendor Pages for CVE-2026-10550 (1)
Other References for CVE-2026-10550 (1)
IV. Related Vulnerabilities
Same product: eladmin
- CVE-2026-8127
eladmin Users API Endpoint UserController.java checkLevel ac - CVE-2025-10084
elunez eladmin SysLogController 1 queryErrorLogDetail improp - CVE-2025-10014
elunez eladmin Email Address updateEmail updateUserEmail imp - CVE-2025-9937
elunez eladmin LocalStorageController deleteFile improper au - CVE-2025-9241
elunez eladmin exportUser csv injection
Same vendor: elunez
- CVE-2025-10084
elunez eladmin SysLogController 1 queryErrorLogDetail improp - CVE-2025-10014
elunez eladmin Email Address updateEmail updateUserEmail imp - CVE-2025-9937
elunez eladmin LocalStorageController deleteFile improper au - CVE-2025-9241
elunez eladmin exportUser csv injection - CVE-2025-9240
elunez eladmin info information disclosure
Same weakness: CWE-77
- CVE-2024-52011
launch-editor vulnerable to command injection via the crafte - CVE-2026-10182
TRENDnet TEW-432BRP formWlanSetup command injection - CVE-2026-10180
TRENDnet TEW-432BRP formSysCmd command injection - CVE-2026-10166
Edimax BR-6478AC POST Request formWlbasic command injection - CVE-2026-10127
Edimax BR-6478AC POST Request formStaDrvSetup command inject
V. Comments for CVE-2026-10550
No comments yet