Vulnerability Description
A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/wing3e/public_exp/issues/3
- https://vuldb.com/?ctiid.353831
- https://vuldb.com/?id.353831
- https://vuldb.com/?submit.777516
FAQ
What is CVE-2026-4953?
CVE-2026-4953 is a vulnerability with a CVSS score of 7.3 (HIGH). A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing ...
How severe is CVE-2026-4953?
CVE-2026-4953 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-4953?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.