
CVE-2026-1112: Low Vulnerability in PublicCMS

A low-severity vulnerability exists in PublicCMS affecting the Trade Address Deletion Endpoint. Organizations should assess their exposure and patch accordingly to prevent unauthorized access.

Severity: LOW · CVSS 2.1 · Published January 18, 2026


A vulnerability was found in Sanluan PublicCMS up to version 5.202506.d. This vulnerability allows improper authorization through the function delete of the Trade Address Deletion Endpoint. An attacker can manipulate the argument ids, potentially leading to unauthorized actions being executed remotely. The exploit has been made public, indicating that it could be used by anyone with knowledge of the vulnerability. The vendor was contacted early about this disclosure but did not respond in any way.

The CVSS score for this vulnerability is 2.1, categorizing it as low severity. While the impact on confidentiality is none, there are low impacts on integrity and availability. Organizations utilizing PublicCMS should be aware of the potential risks, as this vulnerability could be exploited if not addressed promptly.

Although the exploit is currently available, it is important to note that the overall exploitability is considered low. Therefore, organizations should evaluate their security posture regarding this vulnerability and implement necessary mitigation strategies.

Organizations should prioritize patching immediately to safeguard their systems and prevent any potential unauthorized access through this vulnerability.

Vulnerability Details

A vulnerability exists in the Trade Address Deletion Endpoint of PublicCMS, specifically affecting versions up to 5.202506.d. The vulnerability arises from improper authorization due to inadequate input validation in the delete function located in the TradeAddressController.java file. When the ids argument is manipulated, it results in unauthorized access to delete operations.

The vulnerability was disclosed on January 18, 2026, and has been assigned a CVSS score of 2.1, indicating a low severity level. The attack vector is network-based, with a low attack complexity and low privileges required to exploit the vulnerability. The CWE classifications for this vulnerability are CWE-266 (Incorrect Privilege Assignment) and CWE-285 (Improper Authorization).

Technical Analysis

The root cause of the vulnerability stems from improper authorization checks in the delete function of the Trade Address Deletion Endpoint. This oversight allows attackers to manipulate the input parameters to bypass security controls.

The attack vector is network-based, allowing remote exploitation without the need for physical access. The attack complexity is low, meaning that an attacker with minimal technical knowledge can exploit this vulnerability. The privileges required to exploit this vulnerability are low, as the attacker does not need special access rights.

User interaction is not required for exploitation. The integrity impact is low, as the attacker could change or delete data without proper authorization. The availability impact is likewise low, as the vulnerability does not disrupt service availability.
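The page describes the flaw class only in prose: a delete action that trusts the caller-supplied `ids` argument and never checks that the caller is allowed to remove those records (CWE-285). The following added example is a constructed model of that pattern and is not PublicCMS code; the store, session and handler names are assumptions made for the demonstration. It places the vulnerable handler beside a hardened one that filters the requested ids down to those the current user owns, which is the authorization check the advisory says is missing.

```python
"""
Constructed model of an improper-authorization bulk delete (CWE-285).
Not PublicCMS code: the data model and handler names are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class TradeAddress:
    id: int
    owner_user_id: int
    label: str


@dataclass
class Session:
    user_id: int
    is_admin: bool = False


@dataclass
class AddressStore:
    rows: dict[int, TradeAddress] = field(default_factory=dict)

    def delete_many(self, ids: list[int]) -> int:
        """Remove the given ids; return how many rows actually existed."""
        removed = 0
        for i in ids:
            if self.rows.pop(i, None) is not None:
                removed += 1
        return removed


def parse_ids(raw: str) -> list[int]:
    """Parse a comma-separated `ids` argument; non-numeric entries are dropped."""
    return [p.strip() and int(p.strip()) for p in raw.split(",") if p.strip().isdigit()]


def delete_vulnerable(store: AddressStore, session: Session, raw_ids: str) -> int:
    """The flawed pattern: every supplied id is deleted, ownership is never checked."""
    return store.delete_many(parse_ids(raw_ids))


def delete_hardened(store: AddressStore, session: Session, raw_ids: str):
    """Delete only ids the session's user owns (or all, for an admin).

    Returns (rows_removed, ids_rejected). Unknown ids are skipped without
    revealing whether they exist.
    """
    allowed, rejected = [], []
    for i in parse_ids(raw_ids):
        row = store.rows.get(i)
        if row is None:
            continue
        if session.is_admin or row.owner_user_id == session.user_id:
            allowed.append(i)
        else:
            rejected.append(i)
    return store.delete_many(allowed), rejected


def build_store() -> AddressStore:
    """Constructed sample data: two addresses for user 100, one for user 200."""
    store = AddressStore()
    store.rows[1] = TradeAddress(1, 100, "alice-home")
    store.rows[2] = TradeAddress(2, 100, "alice-office")
    store.rows[3] = TradeAddress(3, 200, "bob-home")
    return store


def demo() -> dict:
    """Low-privileged user 100 submits ids=1,2,3; id 3 belongs to user 200."""
    vuln_store = build_store()
    vuln_removed = delete_vulnerable(vuln_store, Session(100), "1,2,3")
    hard_store = build_store()
    hard_removed, rejected = delete_hardened(hard_store, Session(100), "1,2,3")
    return {
        "vulnerable_removed": vuln_removed,                   # 3: user 200's row is gone
        "vulnerable_other_row_survives": 3 in vuln_store.rows,  # False
        "hardened_removed": hard_removed,                     # 2
        "hardened_rejected": rejected,                        # [3]
        "hardened_other_row_survives": 3 in hard_store.rows,  # True
    }


if __name__ == "__main__":
    print(demo())
```

The hardened version keeps the ownership decision server-side and per record, so a request that mixes owned and foreign ids only ever removes the owned ones; logging the `rejected` list is also a useful signal for the detection guidance later on this page.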

Risk & Impact Analysis

Risk to organizations includes unauthorized access to sensitive operations within PublicCMS, potentially leading to data integrity issues. The low severity of the vulnerability may reduce immediate concern but does not negate the necessity for organizations to assess their exposure.

Given the low CVSS score and the lack of active exploitation indications, organizations can prioritize remediation within their routine maintenance cycle. Nonetheless, the potential for exploitation means that organizations should remain vigilant and monitor for any unusual activities.

Organizations should address this vulnerability in their priority patch cycle to minimize the associated risk.

Exploitation Status

Signal               Status
Known Exploit        No
Public PoC           No
Actively Exploited   No
Ransomware Use       No

Affected Versions

All versions of PublicCMS prior to version 5.202506.d are affected by this vulnerability. Organizations should ensure they are running the latest version to protect against potential exploitation.

Mitigation & Remediation

To mitigate this vulnerability, organizations should apply the latest patches provided by the vendor. Regular updates are essential for maintaining security. In addition, organizations should consider implementing configuration hardening measures to prevent unauthorized access.

If patches are unavailable, organizations may need to implement network access controls to limit exposure to the affected components. Monitoring for unusual activity related to the Trade Address Deletion Endpoint is also recommended.

Organizations should validate remediation effectiveness through penetration testing to identify similar weaknesses.

Detection Guidance

Organizations should monitor logs for any unauthorized access attempts or unusual behavior associated with the Trade Address Deletion Endpoint. Behavioral anomalies may indicate attempts to exploit this vulnerability.

In addition, network signatures that detect unauthorized deletion requests should be implemented. System changes, particularly in the TradeAddressController.java file, should be closely monitored for any unexpected modifications.
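The guidance above asks for monitoring of deletion requests against the Trade Address Deletion Endpoint but gives no concrete logic. The following added example, not part of the original advisory, runs a simple review over constructed access-log lines: the log format, the endpoint path `/trade/address/delete`, the `user=` field and the ownership table are all assumptions for the demonstration and are not PublicCMS's real paths or log layout. It flags delete requests whose `ids` include records the requesting user does not own, and bulk requests larger than a normal UI action would submit.

```python
"""
Constructed log-review heuristic for unauthorized bulk-delete requests.
Log format, endpoint path and ownership data are assumptions, not PublicCMS's.
"""
import re

# Constructed access-log lines: timestamp, authenticated user, method, path+query, status.
SAMPLE_LOG = """\
2026-01-18T10:00:01Z user=100 POST /trade/address/delete?ids=1,2 200
2026-01-18T10:00:05Z user=200 POST /trade/address/delete?ids=3 200
2026-01-18T10:01:10Z user=100 POST /trade/address/delete?ids=3,4,5 200
2026-01-18T10:01:12Z user=300 POST /trade/address/delete?ids=10,11,12,13,14,15,16,17,18,19,20,21 200
2026-01-18T10:02:00Z user=100 GET /trade/address/list 200
"""

# Constructed ownership table (in practice exported from the application's database).
OWNERSHIP = {100: {1, 2}, 200: {3, 4, 5}, 300: {10, 11, 12}}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\d+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)
DELETE_PATH = "/trade/address/delete"   # assumption, not the real endpoint path
BULK_THRESHOLD = 10                      # assumption: tune to what the UI really submits


def parse_line(line: str):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("path").partition("?")
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    ids = [int(x) for x in params.get("ids", "").split(",") if x.strip().isdigit()]
    return {
        "ts": m.group("ts"),
        "user": int(m.group("user")),
        "method": m.group("method"),
        "path": path,
        "ids": ids,
        "status": int(m.group("status")),
    }


def find_suspicious(log_text: str, ownership: dict, bulk_threshold: int = BULK_THRESHOLD):
    """Return an alert per delete request that names foreign ids or exceeds the bulk threshold."""
    alerts = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["path"] != DELETE_PATH:
            continue
        owned = ownership.get(ev["user"], set())
        foreign = sorted(i for i in ev["ids"] if i not in owned)
        reasons = []
        if foreign:
            reasons.append(f"ids not owned by user {ev['user']}: {foreign}")
        if len(ev["ids"]) > bulk_threshold:
            reasons.append(f"bulk delete of {len(ev['ids'])} ids")
        if reasons and ev["status"] == 200:
            # A 2xx on a foreign-id request means the server accepted it: highest priority.
            reasons.append("server accepted the request (status 200)")
        if reasons:
            alerts.append({"ts": ev["ts"], "user": ev["user"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG, OWNERSHIP):
        print(alert["ts"], "user", alert["user"], "->", "; ".join(alert["reasons"]))
```

Against the constructed sample this yields two alerts: user 100's request naming ids owned by user 200, and user 300's twelve-id bulk request that also reaches beyond that user's own records. The status-code check matters for triage: once the patch is applied, the same requests should appear with a non-2xx status, which is also how remediation can be confirmed from the logs.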

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in the need for organizations to maintain robust security practices. This incident serves as a reminder that even low-severity vulnerabilities can lead to significant impacts if left unaddressed.

The pattern exhibited in this vulnerability illustrates the importance of thorough input validation and authorization checks. Security teams should review their existing measures to ensure they are effective against similar attacks.

As a strategic defensive takeaway, organizations are encouraged to adopt a proactive approach to security by implementing regular security assessments and keeping abreast of emerging vulnerabilities.

For more on maintaining application security, consider reading our insights on vulnerability management programs and the importance of penetration testing methodologies in identifying risks before they can be exploited.

Additionally, keeping informed about security testing best practices can further enhance your organization's defenses.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
