Medium severity4.3NVD Advisory· Published Apr 5, 2026· Updated Apr 29, 2026

CVE-2026-5529

Description

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

Dromara/Lamp Cloudreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/dromara/lamp-cloud/issues/403nvd
vuldb.com/submit/782103nvd
vuldb.com/vuln/355282nvd
vuldb.com/vuln/355282/ctinvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000