CVE-2026-9609

Summary

A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected Software

VendorProductVersion RangeStatus
QianFoxFoxCMS1.2.0affected
QianFoxFoxCMS1.2.1affected
QianFoxFoxCMS1.2.2affected
QianFoxFoxCMS1.2.3affected
QianFoxFoxCMS1.2.4affected
QianFoxFoxCMS1.2.5affected
QianFoxFoxCMS1.2.6affected

Weaknesses

  • CWE-640: Weak Password Recovery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References