Last updated: July 5, 2026 at 9:01 AM UTC
Tag: opendcim (1 article)

openDCIM RCE chain weaponized in the wild - Chinese attacker uses AI vuln scanner Vulnhuntr to drop PHP web shells

VulnCheck says attackers are chaining three critical bugs (CVE-2026-28515, CVE-2026-28517, CVE-2026-28516) in openDCIM, an open-source data center management web app, to drop PHP web shells on exposed installs. All three rate CVSS 9.3 and cover missing authorization, OS command injection, and SQL injection. They can be combined over five HTTP requests to land a reverse shell. The activity comes from a single Chinese IP using what VulnCheck describes as a customized version of Vulnhuntr, a public AI-driven vulnerability discovery tool. The campaign is one of the first publicly documented cases of an open-source AI vuln scanner being repurposed for real-world exploitation.

Check
Identify openDCIM installs in your environment (check internal asset inventory and external attack surface). Review web server logs for /report_network_map.php access patterns since February 2026.
Affected
openDCIM versions before the February 2026 fix that addressed CVE-2026-28515, CVE-2026-28517, and CVE-2026-28516. Internet-exposed instances are at highest risk.
Fix
Upgrade openDCIM to the patched release. Remove internet exposure and put the app behind an authenticated reverse proxy or VPN. Block the Chinese IP cluster VulnCheck has flagged.
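
One way to run the log review from the Check step, as an added example that is not from VulnCheck or the openDCIM project: it summarises, per client IP, every request to /report_network_map.php dated on or after February 1, 2026. It assumes Apache/nginx "combined" access logs; the sample lines and the `hunt` function name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import unquote

TARGET_PATH = "/report_network_map.php"                   # path named in the advisory
WINDOW_START = datetime(2026, 2, 1, tzinfo=timezone.utc)  # "since February 2026"

# Assumes Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [05/Mar/2026:14:02:11 +0000] "GET /report_network_map.php HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '203.0.113.7 - - [05/Mar/2026:14:02:13 +0000] "POST /dcim/report_network_map.php HTTP/1.1" 500 312 "-" "curl/8.5.0"',
    '198.51.100.20 - - [12/Jan/2026:09:00:00 +0000] "GET /report_network_map.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [06/Mar/2026:09:00:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def hunt(lines):
    """Summarise, per client IP, requests to TARGET_PATH made inside the window."""
    hits = defaultdict(lambda: {"count": 0, "first_seen": None,
                                "methods": set(), "statuses": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        # Drop the query string, decode %-escapes, allow installs in a subdirectory.
        path = unquote(m["target"].split("?", 1)[0]).lower()
        if not path.endswith(TARGET_PATH):
            continue
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if when < WINDOW_START:
            continue  # before the review window
        entry = hits[m["ip"]]
        entry["count"] += 1
        if entry["first_seen"] is None or when < entry["first_seen"]:
            entry["first_seen"] = when
        entry["methods"].add(m["method"])
        entry["statuses"].add(m["status"])
    return dict(hits)

if __name__ == "__main__":
    for ip, e in sorted(hunt(SAMPLE).items()):
        print(ip, e["count"], e["first_seen"].isoformat(),
              sorted(e["methods"]), sorted(e["statuses"]))
```

To use it on real data, pass an open log file to `hunt()` in place of `SAMPLE` and compare the resulting source IPs against known administrators and monitoring hosts.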