CVE-2026-8737

5.3 MEDIUM

A weakness has been identified in Sanluan PublicCMS 5.202506.d

Published: 2026-05-17 · Last updated: 2026-05-18

Severity and scoring

CVSS: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-287, CWE-306

Description

A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java of the component Trade Address Query Handler. Executing a manipulation of the argument userId/id can lead to missing authentication. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-8737
[Other]https://vuldb.com/submit/809885
[Other]https://vuldb.com/vuln/364325
[Other]https://vuldb.com/vuln/364325/cti
[Other]https://vulnplus-note.wetolink.com/share/VqmGhijVKGBM

Related CVEs

Same CWE

CVE-2026-48780 — Forem is open source software for building communities (8.2 HIGH)
CVE-2026-0647 — An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server
CVE-2026-48114 — Metacat is data repository software that helps researchers preserve, share, and discover data (9.8 CRITICAL)
CVE-2018-25437 — WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download... (7.5 HIGH)
CVE-2026-12183 — Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)