CVE-2026-4953

HIGH NVD

CVSS Score 7.3

Severity HIGH

Published Mar 27, 2026

Vendor unknown

Description

A weakness has been identified in mingSoft MCMS 迄 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

References

https://github.com/wing3e/public_exp/issues/3
https://vuldb.com/?ctiid.353831
https://vuldb.com/?id.353831
https://vuldb.com/?submit.777516