All 4 CVE vulnerabilities found in dalfox, with AI-generated Chinese analysis, references, and POCs.
Vendor: hahwul

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-45088 | Dalfox: Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file` in Dalfox Server Mode | CWE-73 | 7.5 | High | 2026-05-27 |
| CVE-2026-45087 | Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode | CWE-15 | 10.0 | Critical | 2026-05-27 |
| CVE-2026-45089 | Dalfox: Unauthenticated Arbitrary File Create/Append via `output` Option in Dalfox Server Mode | CWE-73 | 8.2 | High | 2026-05-27 |
| CVE-2026-45090 | Dalfox: Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode) | CWE-362 | 7.5 | High | 2026-05-27 |