Description
A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-03-27
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: Server-side request forgery (SSRF)
Action: Immediate Patch
AI Analysis

Impact

A weakness has been identified in the catchImage function of the Editor Endpoint in mingSoft MCMS up to 5.5.0. The vulnerability is triggered by manipulating the catchimage argument, which allows a remote attacker to cause the server to send HTTP requests to arbitrary URLs. This manifests as a server-side request forgery (SSRF) that can expose internal services or allow further exploitation. Publicly available exploit code demonstrates how the flaw can be abused remotely, potentially leading to unauthorized data access or privilege escalation on the host.

Affected Systems

The affected software is mingSoft MCMS version 5.5.0 and earlier. Any deployment of these versions of the Editor Endpoint is susceptible. The only vendor listed is mingSoft, and the product name is MCMS.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, and no EPSS data is available. The flaw is not listed in the CISA KEV catalog, but the presence of a public exploit and remote attack capability raise the practical risk. The attack does not require authentication and can be executed by sending a crafted request to the catchImage endpoint. Once exploited, an attacker could request internal resources or possibly execute arbitrary commands if the environment is vulnerable to further payloads.

Generated by OpenCVE AI on March 27, 2026 at 15:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch or upgrade to a version that incorporates the SSRF fix.
  • If a patch is unavailable, restrict or remove access to the catchImage endpoint and sanitize the catchimage parameter to prevent arbitrary URL construction.
  • Verify that internal services are not exposed through the application, and monitor traffic for unexpected requests to internal URLs.
  • Consider disabling the Editor Endpoint or disabling the catchImage feature until a patch is applied.
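
One way to implement the parameter check recommended above, as an added example in Java (not MCMS code and not a vendor fix). The class name, the allowlisted hosts and the port policy are assumptions; the inputs in main are constructed.

```java
import java.net.InetAddress;
import java.net.URI;
import java.util.Locale;
import java.util.Set;

/** Hypothetical helper, not MCMS code: vets a user-supplied image URL before the server fetches it. */
public final class RemoteImageUrlValidator {
    // Assumption: operator-maintained list of trusted image hosts (placeholder values).
    private static final Set<String> ALLOWED_HOSTS = Set.of("images.example.com", "cdn.example.com");

    /** Returns the resolved addresses to connect to; throws if the URL must not be fetched. */
    public static InetAddress[] validate(String rawUrl) throws Exception {
        URI uri = new URI(rawUrl).normalize();
        String scheme = uri.getScheme();
        if (scheme == null || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https")))
            throw new IllegalArgumentException("scheme not allowed");
        if (uri.getRawUserInfo() != null)
            throw new IllegalArgumentException("userinfo not allowed");
        String host = uri.getHost();
        if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT)))
            throw new IllegalArgumentException("host not on allowlist");
        int port = uri.getPort();
        if (port != -1 && port != 80 && port != 443)
            throw new IllegalArgumentException("port not allowed");
        // Resolve once and check every address, so an allowlisted name pointing inward is still refused.
        InetAddress[] addrs = InetAddress.getAllByName(host);
        for (InetAddress a : addrs)
            if (isInternal(a)) throw new IllegalArgumentException("resolves to internal address " + a);
        return addrs;
    }

    static boolean isInternal(InetAddress a) {
        byte[] b = a.getAddress();
        boolean cgnat = b.length == 4 && (b[0] & 0xff) == 100 && (b[1] & 0xc0) == 0x40; // 100.64.0.0/10
        boolean ula = b.length == 16 && (b[0] & 0xfe) == 0xfc;                         // fc00::/7
        return a.isAnyLocalAddress() || a.isLoopbackAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress() || cgnat || ula;
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs; each is rejected before any DNS lookup happens.
        for (String u : new String[] {"file:///tmp/a.png", "http://127.0.0.1:8080/a.png",
                "http://images.example.com@10.0.0.5/a.png", "https://cdn.example.com:8443/a.png"}) {
            try { validate(u); System.out.println("ALLOW  " + u); }
            catch (IllegalArgumentException e) { System.out.println("REJECT " + u + " (" + e.getMessage() + ")"); }
        }
        System.out.println(isInternal(InetAddress.getByName("169.254.169.254"))); // link-local literal, no DNS
    }
}
```

The fetch itself should connect to one of the returned addresses instead of resolving the name a second time, and should not follow redirects without running the new location through the same check.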


Advisories

No advisories yet.

History

Fri, 27 Mar 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Title | | mingSoft MCMS Editor Endpoint BaseAction.java catchImage privilege escalation
First Time appeared | | Mingsoft; Mingsoft mcms
Weaknesses | | CWE-918
CPEs | | cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:*
Vendors & Products | | Mingsoft; Mingsoft mcms
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-27T14:13:36.216Z

Reserved: 2026-03-27T07:53:19.014Z

Link: CVE-2026-4953

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-27T15:17:02.060

Modified: 2026-03-27T15:17:02.060

Link: CVE-2026-4953

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T20:28:39Z
