CVE-2026-1978 MEDIUM

CVE-2026-1978: kalyan02 NanoCMS User Information pagesdata.txt direct request

Vendor Kalyan02
Product NanoCMS
Weakness CWE-425 · Forced browsing
Published February 6, 2026
Last update February 23, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

A vulnerability was detected in kalyan02 NanoCMS up to 0.4. It affects some unknown functionality of the file /data/pagesdata.txt in the User Information Handler component. Manipulation results in a direct request (forced browsing, CWE-425). The attack can be initiated remotely. The exploit is now public and may be used. You should change the configuration settings.

Key dates

02 Disclosure timeline

February 6, 2026 CVE published
February 23, 2026 Record updated