HackTesting

CVE-2026-24728

A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authentication.

References

https://zuso.ai/advisory/za-2026-01