CVE-2026-2113: Deserialization in yuan1994 tpadmin
CVE-2026-2113 is a medium-severity remote deserialization vulnerability affecting yuan1994 tpadmin versions up to 1.3.12. The flaw exists in the WebUploader component's preview.php script, allowing unauthenticated attackers to manipulate serialized data remotely. Exploitation can lead to partial compromise of confidentiality, integrity, and availability without user interaction or privileges. The product is no longer supported, and no official patches are available. Although no known exploits are currently observed in the wild, public exploit details exist, increasing risk. European organizations using this outdated tpadmin version face potential remote code execution or data manipulation threats. Mitigation requires discontinuing use or isolating affected systems, employing web application firewalls with custom rules, and monitoring network traffic for suspicious deserialization attempts.
AI Analysis
Technical Summary
CVE-2026-2113 identifies a deserialization vulnerability in the yuan1994 tpadmin product, specifically affecting versions 1.3.0 through 1.3.12. The vulnerability resides in the WebUploader component, located at /public/static/admin/lib/webuploader/0.1.5/server/preview.php. Deserialization flaws occur when untrusted data is processed by an application expecting serialized objects, potentially enabling attackers to execute arbitrary code or manipulate application state. In this case, the vulnerability allows remote attackers to send crafted serialized data to the preview.php endpoint without requiring authentication or user interaction. The vulnerability impacts confidentiality, integrity, and availability to a limited extent (low impact on each), as indicated by the CVSS vector. The product is no longer maintained or supported by the vendor, meaning no official patches or updates are available, increasing the risk for users who continue to operate affected versions. Although no known exploits have been observed in the wild, public exploit code has been disclosed, which could facilitate attacks. The vulnerability's ease of exploitation (network attack vector, low attack complexity, no privileges or user interaction needed) makes it a significant concern for exposed systems. The lack of scope change means the impact is confined to the vulnerable component and its privileges. This vulnerability is categorized as medium severity with a CVSS 4.0 base score of 6.9. The WebUploader component is a third-party library integrated into tpadmin, a web-based administrative interface, which may be used in various web applications or internal management portals.
Potential Impact
For European organizations, the vulnerability poses a risk of unauthorized remote code execution or data manipulation on systems running vulnerable versions of yuan1994 tpadmin. This could lead to partial disclosure of sensitive information, unauthorized changes to administrative data, or disruption of service availability. Since the product is no longer supported, organizations cannot rely on vendor patches and must consider alternative mitigation strategies. The impact is heightened for organizations that expose tpadmin interfaces to the internet or have weak network segmentation. Attackers exploiting this vulnerability could gain footholds within internal networks, potentially pivoting to more critical assets. The medium severity score reflects moderate risk, but the ease of exploitation and lack of authentication requirements increase the urgency for mitigation. European entities in sectors such as manufacturing, technology, or government that utilize Chinese-developed administrative tools may be disproportionately affected. Additionally, compliance with GDPR and other data protection regulations could be jeopardized if breaches occur due to this vulnerability.
Mitigation Recommendations
Given the absence of official patches due to end-of-life status, European organizations should prioritize the following mitigations:
1) Immediately identify and inventory all instances of yuan1994 tpadmin in their environment, especially versions up to 1.3.12.
2) Decommission or replace the vulnerable tpadmin installations with supported alternatives or updated administrative interfaces.
3) If immediate replacement is not feasible, isolate affected systems behind strict network segmentation and restrict access to trusted IPs only.
4) Deploy web application firewalls (WAFs) with custom rules to detect and block suspicious serialized payloads targeting the preview.php endpoint.
5) Monitor network and application logs for anomalous deserialization attempts or unusual traffic patterns.
6) Conduct internal security assessments and penetration tests focusing on deserialization attack vectors.
7) Educate IT and security teams about the risks of using unsupported software and the importance of timely patching or replacement.
8) Consider implementing runtime application self-protection (RASP) solutions to detect exploitation attempts in real time.
9) Maintain up-to-date backups and incident response plans to minimize impact if exploitation occurs.
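The log-monitoring recommendation applied to the script path named in this advisory, as an added example that is not part of the original advisory or of tpadmin: a Python triage of web access logs that flags every request to the WebUploader preview.php script and separately marks requests whose query string carries a PHP serialized-object header. The combined log format, the suffix-based path match, the sample lines, and the parameter name `x` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Tail of the script path named in the advisory. Matched as a suffix because
# the URL prefix depends on which directory is the web root (assumption).
ENDPOINT = "/lib/webuploader/0.1.5/server/preview.php"
# Header of a PHP serialize() object: O:<len>:"<Class>":<count>:{  (C: is the
# custom-serializable variant). Scalars and arrays are ignored on purpose.
PHP_OBJECT = re.compile(r'[OC]:\d+:"[^"]*":\d+:\{')
# Request portion of an Apache/nginx "combined" access-log line.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')

def url_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (client_ip, method, verdict) for hits on the endpoint, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    ip, method, target, _status = m.groups()
    parts = urlsplit(target)
    path = re.sub(r"/+", "/", url_decode(parts.path)).lower()
    if not path.endswith(ENDPOINT):
        return None
    if PHP_OBJECT.search(url_decode(parts.query)):
        return ip, method, "serialized-object-in-query"
    # POST bodies are not in access logs; any hit on this script needs review.
    return ip, method, "endpoint-access"

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IPs, harmless stdClass marker,
# hypothetical parameter name "x"); not taken from real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Feb/2026:21:15:12 +0000] "GET /static/admin/lib/webuploader/0.1.5/server/preview.php?x=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1" 200 512',
    '203.0.113.7 - - [07/Feb/2026:21:15:13 +0000] "GET /static/admin/lib/webuploader/0.1.5/server/preview.php?x=O%253A8%253A%2522stdClass%2522%253A0%253A%257B%257D HTTP/1.1" 200 512',
    '198.51.100.4 - - [07/Feb/2026:21:16:40 +0000] "POST /public/static/admin/lib/webuploader/0.1.5/server/preview.php HTTP/1.1" 200 0',
    '192.0.2.10 - - [07/Feb/2026:21:17:02 +0000] "GET /index.php?note=O%3A8 HTTP/1.1" 200 1043',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Because request bodies never reach the access log, the `endpoint-access` verdict is the one to pair with WAF or reverse-proxy body inspection on the same path.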
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-06T14:37:20.590Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6987ab60f9fa50a62fbec76e
Added to database: 2/7/2026, 9:15:12 PM
Last enriched: 2/7/2026, 9:29:30 PM
Last updated: 2/8/2026, 4:11:05 AM