CVE-2026-5529: Improper Authorization in Dromara lamp-cloud
A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AI Analysis
Technical Summary
This vulnerability affects the pageUser function within the DefUserController component of Dromara lamp-cloud versions 5.8.0 and 5.8.1. Improper authorization allows remote attackers to perform unauthorized actions by manipulating the function. The issue was reported early to the project, but no response or fix has been issued. The CVSS 4.0 base score is 5.3, indicating a medium severity with network attack vector, low complexity, no privileges required, and no user interaction needed.
Potential Impact
Exploitation of this vulnerability could allow remote attackers to bypass authorization controls in the affected function, potentially leading to unauthorized access or actions within the lamp-cloud application. The exact impact depends on the privileges and operations accessible via the pageUser function. No known exploits are currently observed in the wild.
Mitigation Recommendations
No official patch or remediation is currently available from the vendor. Users should monitor the vendor's advisories for updates. Until a fix is released, consider restricting access to the affected functionality or implementing additional access controls as a temporary mitigation.
CVE-2026-5529: Improper Authorization in Dromara lamp-cloud
Description
A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the pageUser function within the DefUserController component of Dromara lamp-cloud versions 5.8.0 and 5.8.1. Improper authorization allows remote attackers to perform unauthorized actions by manipulating the function. The issue was reported early to the project, but no response or fix has been issued. The CVSS 4.0 base score is 5.3, indicating a medium severity with network attack vector, low complexity, no privileges required, and no user interaction needed.
Potential Impact
Exploitation of this vulnerability could allow remote attackers to bypass authorization controls in the affected function, potentially leading to unauthorized access or actions within the lamp-cloud application. The exact impact depends on the privileges and operations accessible via the pageUser function. No known exploits are currently observed in the wild.
Mitigation Recommendations
No official patch or remediation is currently available from the vendor. Users should monitor the vendor's advisories for updates. Until a fix is released, consider restricting access to the affected functionality or implementing additional access controls as a temporary mitigation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-04T06:26:51.702Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d1f7600a160ebd92af773e
Added to database: 4/5/2026, 5:47:12 AM
Last enriched: 4/5/2026, 5:47:22 AM
Last updated: 4/5/2026, 11:19:28 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.