CVE-2026-5529

MEDIUM 4.3

Dromara lamp-cloud DefUserController pageUser improper authorization

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

1th

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-285 CWE-266
Vendor	dromara
Product	lamp-cloud
Published	Apr 5, 2026
Last Updated	Apr 6, 2026

Stay Ahead of the Next One

Get instant alerts for dromara lamp-cloud

Be the first to know when new medium vulnerabilities affecting dromara lamp-cloud are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Dromara / lamp-cloud

5.8.0 5.8.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/355282 vuldb.com: https://vuldb.com/vuln/355282/cti vuldb.com: https://vuldb.com/submit/782103 github.com: https://github.com/dromara/lamp-cloud/issues/403 github.com: https://github.com/dromara/lamp-cloud/

Credits

🔍 aibot88 (VulDB User) VulDB CNA Team