A vulnerability categorized as critical has been discovered in DedeCMS 5.7.88 . This affects the function RemoveXSS of the file /plus/carbuyaction.php . The manipulation of the argument postname/des results in sql injection. This vulnerability is cataloged as CVE-2026-10608 . The attack may be launched remotely. Furthermore, there is an exploit available.