Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202606-00000004

[Content Description]
【Interface｜DreamMaker - Arbitrary File Upload】(CVE-2026-10071, CVSS: 9.8) An unauthenticated remote attacker can upload and execute a web backdoor program, thereby executing arbitrary code on the server.

[Affected Platforms]
DreamMaker Java Composer 2.2 and earlier versions

[Recommended Action]
Update to Java Composer 2.3 and later versions