CVE-2026-3289
Last modified
CVE-2026-3289 is a low-severity vulnerability rated 2.1/10 on the CVSS scale. A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. EPSS estimates a 0.68% chance of exploitation in the next 30 days.
Description
A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Publiccms | Publiccms | 6.202506.d |
References
- https://vuldb.com/?ctiid.348017Permissions Required, Third Party Advisory, VDB Entry
- https://vuldb.com/?id.348017Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.759109Third Party Advisory, VDB Entry
- https://www.yuque.com/la12138/pa2fpb/wdggytgi4vhl93zd?singleDocExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-3289?
How severe is CVE-2026-3289?
How do I fix CVE-2026-3289?
Are you affected by CVE-2026-3289?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST