## Vulnerability Key Information - **Vulnerability Identifier:** - VDB-344688 - CVE-2026-2113 - GCVE-100-344688 - **Vulnerability Summary:** - A critical vulnerability has been discovered in yuan1994 tpadmin up to version 1.3.12. This vulnerability affects unknown code in the library `/public/static/admin/lib/webuploader/0.1.5/server/preview.php` within the `WebUploader` component. The vulnerability allows for deserialization via manipulation. It only impacts products that are no longer supported by the maintainer. The vulnerability is designated as `CVE-2026-2113`. Remote attacks are possible, and a public exploit is available. - **CVSS Meta Temp Score:** - 6.6 - **Current Exploit Price:** - $0-$5k - **CTI Interest Score:** - 0.92 - **Vulnerability Details:** - A critical vulnerability was identified in `yuan1994 tpadmin` up to version 1.3.12. The issue affects an unknown functionality in the library `/public/static/admin/lib/webuploader/0.1.5/server/preview.php` of the `WebUploader` component. Manipulation using unknown input leads to a deserialization vulnerability, classified by CWE as `CWE-502`. The product deserializes untrusted data without adequately verifying the validity of the resulting data, impacting confidentiality, integrity, and availability. - The advisory is available for download on `github.com`. The vulnerability is tracked as `CVE-2026-2113`. Exploitation is reported to be easy and can be performed remotely. No authentication is required to execute the attack. Technical details and a public exploit are known. - The exploit is shared for download on `github.com` and is labeled as a proof-of-concept. Further information can be obtained by searching for public exploits.