CVE-2026-3289 MEDIUM

CVE-2026-3289: Sanluan PublicCMS Template Cache Generation TemplateCacheComponent.java saveMetadata path traversal

Vendor Sanluan

Product PublicCMS

Weakness CWE-22 · Path traversal

Published February 27, 2026

Last update February 27, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

Disclosure timeline

February 27, 2026 CVE published

February 27, 2026 Record updated