A vulnerability was found in DedeCMS 5.7.88 . It has been rated as critical . The impacted element is the function dede_htmlspecialchars of the file /plus/flink.php . The manipulation of the argument msg leads to sql injection. This vulnerability is listed as CVE-2026-10607 . The attack may be initiated remotely. In addition, an exploit is available.