📄 Description (English)
A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
🤖 AI Executive Summary
CVE-2026-2957 is a denial of service vulnerability in dst-admin versions up to 1.5.0 affecting the file backup deletion function. The vulnerability allows remote attackers to trigger DoS conditions through the BackupController component. With public exploit availability and no vendor patch, this poses an immediate threat to organizations using this backup management tool.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 28, 2026 04:45
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations using dst-admin for backup management across critical sectors: Government agencies (NCA, CITC) relying on backup systems for continuity, Banking sector (SAMA-regulated institutions) dependent on backup infrastructure for transaction integrity, Healthcare organizations (MOH facilities) requiring uninterrupted backup services, Energy sector (ARAMCO, utilities) with backup-dependent SCADA systems, and Telecom providers (STC, Mobily) managing customer data backups. The DoS impact could disrupt backup operations, preventing disaster recovery capabilities and potentially violating SAMA CSF and NCA ECC compliance requirements.
🏢 Affected Saudi Sectors
Government
Banking
Healthcare
Energy
Telecommunications
Critical Infrastructure
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
6.8
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all dst-admin instances in your environment (versions ≤1.5.0) using network scanning and asset inventory tools
2. Restrict network access to dst-admin BackupController endpoints using firewall rules - limit to trusted administrative IPs only
3. Disable the deleteBackup function if not operationally critical, or implement API gateway rate limiting
4. Monitor backup deletion operations for anomalous patterns
Compensating Controls:
5. Implement Web Application Firewall (WAF) rules to detect and block malicious deleteBackup requests
6. Deploy IDS/IPS signatures to alert on suspicious backup controller access patterns
7. Enable comprehensive logging of all backup operations with SIEM integration
8. Implement backup redundancy to ensure recovery capability even if primary backup deletion occurs
Long-term:
9. Evaluate alternative backup solutions with active vendor support
10. If upgrading dst-admin, verify version >1.5.0 includes security patches
11. Implement API authentication and authorization controls on all backup functions
12. Conduct security code review of custom backup implementations
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع نسخ dst-admin في بيئتك (الإصدارات ≤1.5.0) باستخدام أدوات المسح والجرد
2. تقييد الوصول الشبكي إلى نقاط نهاية BackupController باستخدام قواعد جدار الحماية - حصر الوصول على عناوين IP إدارية موثوقة فقط
3. تعطيل وظيفة deleteBackup إذا لم تكن حرجة تشغيلياً، أو تطبيق تحديد معدل بوابة API
4. مراقبة عمليات حذف النسخ الاحتياطية للأنماط الشاذة
الضوابط البديلة:
5. تطبيق قواعد جدار تطبيقات الويب (WAF) للكشف عن طلبات deleteBackup الضارة وحجبها
6. نشر توقيعات IDS/IPS للتنبيه على أنماط الوصول المريبة لمراقب النسخ الاحتياطية
7. تفعيل السجلات الشاملة لجميع عمليات النسخ الاحتياطية مع تكامل SIEM
8. تطبيق تكرار النسخ الاحتياطية لضمان القدرة على الاسترجاع حتى لو حدث حذف النسخة الأساسية
المدى الطويل:
9. تقييم حلول النسخ الاحتياطية البديلة مع دعم البائع النشط
10. عند ترقية dst-admin، تحقق من أن الإصدار >1.5.0 يتضمن تصحيحات أمان
11. تطبيق المصادقة والتفويض على جميع وظائف النسخ الاحتياطية
12. إجراء مراجعة أمان الكود للتطبيقات المخصصة للنسخ الاحتياطية
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.3.1 - Change management procedures for backup systems
ECC 2024 A.12.4.1 - Event logging and monitoring of backup operations
ECC 2024 A.13.1.3 - Segregation of backup infrastructure from production
🔵 SAMA CSF
SAMA CSF ID.BE-3 - Business continuity and disaster recovery planning
SAMA CSF PR.AC-1 - Access control to backup systems
SAMA CSF DE.CM-1 - Detection and monitoring of backup anomalies
SAMA CSF RS.MI-2 - Incident response for backup system compromise
🟡 ISO 27001:2022
ISO 27001:2022 A.8.3.4 - Segregation of duties in backup management
ISO 27001:2022 A.12.3.1 - Change management for backup systems
ISO 27001:2022 A.12.4.1 - Event logging and monitoring
ISO 27001:2022 A.13.1.3 - Backup and recovery procedures
🟣 PCI DSS v4.0.1
PCI DSS 3.2.1 - Backup procedures and testing
PCI DSS 10.2.1 - Logging of backup operations
PCI DSS 12.2.1 - Configuration standards for backup systems
🔗 References & Sources 4
🔗
https://fx4tqqfvdw4.feishu.cn/docx/YKwydLrdno51JtxJksmcWSfbnvd?from=from_copylink
cna@vuldb.com
Exploit
Third Party Advisory
🔗
https://vuldb.com/?ctiid.347324
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://vuldb.com/?id.347324
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/?submit.754510
cna@vuldb.com
Third Party Advisory
VDB Entry
📦 Affected Products / CPE 1 entries
dst-admin_project:dst-admin