CVE-2026-1978

Summary

A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The exploit is now public and may be used. You should change the configuration settings.

Affected Software

VendorProductVersion RangeStatus
kalyan02NanoCMS0.1affected
kalyan02NanoCMS0.2affected
kalyan02NanoCMS0.3affected
kalyan02NanoCMS0.4affected

Weaknesses

  • CWE-425: Direct Request

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References