CVE-2026-29909 - Vulnerability Details

Description

MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials.

Published: 2026-03-30

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability in MRCMS 3.1.2 allows remote attackers to enumerate the contents of server directories through the /admin/file/list.do endpoint. Because the endpoint lacks authentication controls and proper input validation, any user can retrieve listings of files stored on the server. This defect represents an input validation flaw (CWE‑20) and an unauthenticated access weakness (CWE‑425). An attacker who invokes the endpoint can gain visibility into file names and directory structure, potentially revealing sensitive configuration files or user data, thereby compromising confidentiality and providing information that could aid further attacks.

Affected Systems

The affected product is the MRCMS content management system, version 3.1.2. No other vendors or product variants are listed as affected in the available data.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate risk. The EPSS score is below 1 %, suggesting a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack vector is likely remote and unauthenticated; an attacker merely needs to send an HTTP request to the vulnerable endpoint to enumerate directory listings. Because no authentication is required, any web‐accessible client can exploit the flaw, but the lack of persistence or destructive impact limits the severity to information disclosure rather than code execution or denial of service.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:mrcms:mrcms:3.1.2:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Mrcms

100%

Version	Status	Scheme	Platform
`3.1.2`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Acquire and install the latest patch or upgrade to a newer version of MRCMS that secures the /admin/file/list.do endpoint.
If an update cannot be applied immediately, restrict network access to the /admin/file/list.do endpoint using firewall rules, IP whitelisting, or by moving the server to an internal network only.
Disable or remove the file management module if it is not required for business operations.
Verify after remediation that accessing /admin/file/list.do no longer returns directory listings or authenticated prompts.

Generated by OpenCVE AI on April 2, 2026 at 22:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/qflksheep/CVE-2026-29909-MRCMS-vulnerability/blob/main/README.md
https://github.com/wuweiit/mushroom

History

Fri, 03 Apr 2026 10:15:00 +0000

Type	Values Removed	Values Added
Title	Unauthenticated Directory Enumeration in MRCMS V3.1.2 File Management

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Title		Unauthenticated Directory Enumeration in MRCMS V3.1.2 File Management
First Time appeared		Mrcms Mrcms mrcms
CPEs		cpe:2.3:a:mrcms:mrcms:3.1.2:::::::*
Vendors & Products		Mrcms Mrcms mrcms

Wed, 01 Apr 2026 02:15:00 +0000

Type	Values Removed	Values Added
Title	Unauthenticated Directory Enumeration in MRCMS V3.1.2 File Management Module
Weaknesses	CWE-284

Tue, 31 Mar 2026 03:00:00 +0000

Type	Values Removed	Values Added
Title		Unauthenticated Directory Enumeration in MRCMS V3.1.2 File Management Module
Weaknesses		CWE-284

Mon, 30 Mar 2026 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-20 CWE-425
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 30 Mar 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials.
References		https://github.com/qflksheep/CVE-2026-29909-MRCMS-vulnerability/blob/main/README.md https://github.com/wuweiit/mushroom

Subscriptions

Mrcms Mrcms

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-03-30T00:00:00.000Z

Updated: 2026-03-30T19:24:14.343Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-29909

Vulnrichment

Updated: 2026-03-30T19:22:30.206Z

NVD

Status : Analyzed

Published: 2026-03-30T17:16:15.750

Modified: 2026-04-02T17:11:00.893

Link: CVE-2026-29909

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T09:38:24Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object