What is CVE-2022-26352?

A critical vulnerability in the dotCMS ContentResource API could allow unauthenticated attackers to upload executable files, leading to remote code execution. Organizations must patch immediately to mitigate risks associated with this flaw.

What is the severity of CVE-2022-26352?

CVE-2022-26352 has a severity rating of CRITICAL with a CVSS base score of 9.8.

Is CVE-2022-26352 in CISA KEV?

Yes. CVE-2022-26352 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2022-26352 | Critical Vulnerability in dotCMS

CVE-2022-26352 is a critical vulnerability affecting dotCMS versions 3.0 through 22.02. This vulnerability allows attackers to exploit the ContentResource API by crafting a multipart form request to upload files without proper filename sanitization. If an organization has anonymous content creation enabled, this vulnerability can be leveraged by unauthenticated attackers to upload malicious executable files such as .jsp files. The successful exploitation of this vulnerability may lead to remote code execution, posing significant risks to the organization's systems.

The severity of this vulnerability is categorized as critical, with a CVSS score of 9.8. This high score indicates a significant risk to organizations, as it allows for potential unauthorized access and control over the affected systems. Immediate action is required to mitigate these risks.

Currently, there is no public exploit confirmed for this vulnerability. However, organizations should remain vigilant as the risk of exploitation remains high due to its critical nature. Therefore, it is crucial for affected organizations to prioritize patching this vulnerability as soon as possible to prevent any potential attacks.

Organizations should prioritize patching immediately. This vulnerability represents a clear and present danger, necessitating swift remediation efforts.

Vulnerability Details

The vulnerability allows for directory traversal, enabling files to be saved outside of their designated storage locations. The vulnerability was published on July 17, 2022, and has been analyzed for its impact and exploitability. Its root cause lies in improper input validation within the ContentResource API.

Technical Analysis

The attack vector for CVE-2022-26352 is classified as network-based, requiring low attack complexity and no privileges or user interaction. This means an attacker can exploit the vulnerability remotely without needing authentication or any specific actions from the user. The impacts on confidentiality, integrity, and availability are all rated as high, indicating that an exploit could lead to severe consequences for affected organizations.

Risk & Impact Analysis

The real-world risk associated with CVE-2022-26352 includes unauthorized access to sensitive files and potential system compromise. If exploited, an attacker could gain control over the affected systems, leading to data breaches or service disruptions. Organizations using dotCMS must recognize the urgency of this vulnerability and assess their exposure. Given its high CVSS score and placement in the Known Exploited Vulnerabilities catalog, organizations should take proactive measures to patch this vulnerability in their environments.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	Yes
Ransomware Use	Yes

Affected Versions

The vulnerability affects all versions of dotCMS from 3.0 to 22.02. Organizations using any version within this range should take immediate actions to apply necessary updates and patches.

Mitigation & Remediation

To mitigate this vulnerability, organizations must apply the appropriate patches as per vendor instructions. It is crucial to review the configurations and ensure that anonymous content creation is disabled unless necessary. Additionally, organizations should conduct security assessments to validate their exposure and implement proper network controls to limit unauthorized access.

Detection Guidance

Security teams should monitor logs for any unusual file uploads, particularly those with executable extensions. Behavioral anomalies such as unexpected changes in file storage locations should also be flagged for investigation. Setting up alerts for any unauthorized access attempts can further enhance the detection capabilities.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2022-26352 highlights the ongoing risks associated with improper input validation in web applications. Security teams should leverage this incident to enhance their security posture by implementing secure coding practices and regular vulnerability assessments. Organizations are encouraged to stay informed about the evolving threat landscape, and to consider adopting comprehensive security testing methodologies, such as penetration testing and continuous monitoring to uncover similar vulnerabilities before they can be exploited.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2022-26352: Critical Vulnerability in dotCMS