CVE-2026-33560 Daktronics Controller Firmware Unrestricted Upload of File with Dangerous Type

🗓️ 26 Jun 2026 22:48:56Reported by icscertType

CVE-2026-33560 enables authenticated arbitrary file uploads on Daktronics DMP-5000 firmware with no validation.

Reporter	Title	Published	Views	Family All 6
ATTACKERKB	CVE-2026-33560	26 Jun 202622:48	–	attackerkb
Circl	CVE-2026-33560	25 Jun 202617:15	–	circl
CVE	CVE-2026-33560	26 Jun 202622:48	–	cve
EUVD	EUVD-2026-39924	27 Jun 202600:30	–	euvd
NVD	CVE-2026-33560	26 Jun 202623:17	–	nvd
Positive Technologies	PT-2026-52989	26 Jun 202600:00	–	ptsecurity

[
  {
    "vendor": "Daktronics",
    "product": "VFC-DMP-5000",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "v8.117.x.x",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "v9.43.x.x",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "v10.34.x.x",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Daktronics",
    "product": "DMP-5000",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "v10.34.x.x",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "v8.117.x.x",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "v9.43.x.x",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Daktronics",
    "product": "DMP-8000",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "v10.34.x.x",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "v8.117.x.x",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "v9.43.x.x",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-26-176-04
github	www.github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-04.json

26 Jun 2026 22:48Current

CVSS 3.17.1

CVSS 48.4

CWE-434