CVE-2026-4953

Summary

A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

Affected Software

VendorProductVersion RangeStatus
mingSoftMCMS5.0affected
mingSoftMCMS5.1affected
mingSoftMCMS5.2affected
mingSoftMCMS5.3affected
mingSoftMCMS5.4affected
mingSoftMCMS5.5.0affected

Weaknesses

  • CWE-918: Server-Side Request Forgery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References