CVE-2026-1111 MEDIUM

CVE-2026-1111: Sanluan PublicCMS Task Template Management TaskTemplateAdminController.java save path traversal

Vendor Sanluan

Product PublicCMS

Weakness CWE-22 · Path traversal

Published January 18, 2026

Last update February 23, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

Disclosure timeline

January 18, 2026 CVE published

February 23, 2026 Record updated

Identifiers

CVE CVE-2026-1111

CWE CWE-22

CVSS 5.1 / MEDIUM

Affected versions

Vendor Sanluan

Product PublicCMS

Affected 5.202506.a

Vendor Sanluan

Product PublicCMS

Affected 5.202506.b

Vendor Sanluan

Product PublicCMS

Affected 5.202506.c

Vendor Sanluan

Product PublicCMS

Affected 5.202506.d