{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2666", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-18T09:01:48.810Z", "datePublished": "2026-02-18T20:02:09.402Z", "dateUpdated": "2026-02-23T10:19:52.686Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:19:52.686Z"}, "title": "mingSoft MCMS Template Archive uploadTemplate.do unrestricted upload", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-434", "lang": "en", "description": "Unrestricted Upload"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}], "affected": [{"vendor": "mingSoft", "product": "MCMS", "versions": [{"version": "6.1.1", "status": "affected"}], "cpes": ["cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:*"], "modules": ["Template Archive Handler"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-18T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-18T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-21T19:31:06.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Unnlucky1 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.346463", "name": "VDB-346463 | mingSoft MCMS Template Archive uploadTemplate.do unrestricted upload", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.346463", "name": "VDB-346463 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.753243", "name": "Submit #753243 | mingSoft MCMS 6.1.1 Conditional competition", "tags": ["third-party-advisory"]}, {"url": "https://github.com/chujianxin0101/vuln/issues/11", "tags": ["issue-tracking"]}, {"url": "https://github.com/chujianxin0101/vuln/issues/11#issue-3905144613", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-18T20:35:24.136146Z", "id": "CVE-2026-2666", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T20:35:38.957Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2666", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-18T20:35:24.136146Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T20:35:28.313Z"}}], "cna": {"title": "mingSoft MCMS Template Archive uploadTemplate.do unrestricted upload", "credits": [{"lang": "en", "type": "reporter", "value": "Unnlucky1 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:*"], "vendor": "mingSoft", "modules": ["Template Archive Handler"], "product": "MCMS", "versions": [{"status": "affected", "version": "6.1.1"}]}], "timeline": [{"lang": "en", "time": "2026-02-18T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-18T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-21T19:31:06.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.346463", "name": "VDB-346463 | mingSoft MCMS Template Archive uploadTemplate.do unrestricted upload", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.346463", "name": "VDB-346463 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.753243", "name": "Submit #753243 | mingSoft MCMS 6.1.1 Conditional competition", "tags": ["third-party-advisory"]}, {"url": "https://github.com/chujianxin0101/vuln/issues/11", "tags": ["issue-tracking"]}, {"url": "https://github.com/chujianxin0101/vuln/issues/11#issue-3905144613", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "Unrestricted Upload"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Controls"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:19:52.686Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2666", "state": "PUBLISHED", "dateUpdated": "2026-02-23T10:19:52.686Z", "dateReserved": "2026-02-18T09:01:48.810Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-18T20:02:09.402Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mingsoft:mcms:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B070C1C-2A31-450F-BE3D-D642A69B7CD4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used."}, {"lang": "es", "value": "Se ha encontrado un fallo en mingSoft MCMS 6.1.1. Est\u00e1 afectada una funci\u00f3n desconocida del archivo /ms/file/uploadTemplate.do del componente Template Archive Handler. Si se ejecuta el argumento File manipulado se puede lograr una carga sin restricciones. El ataque puede lanzarse en remoto. El exploit ha sido publicado y puede utilizarse."}], "id": "CVE-2026-2666", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-18T20:18:37.297", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/chujianxin0101/vuln/issues/11"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/chujianxin0101/vuln/issues/11#issue-3905144613"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.346463"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.346463"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.753243"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-434"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "MCMS", "source": "cna", "vendor": "mingSoft"}, "product": "mcms", "vendor": "mingsoft"}], "analysis": {"en": {"generated_at": "2026-04-17T18:31:05.867939+00:00", "value": {"mitigation_remediation": ["Upgrade MingSoft MCMS to the latest patched release or apply any vendor\u2011supplied patch that corrects the unrestricted upload issue.", "Configure the uploadTemplate.do endpoint to accept only approved file types and enforce strict size limits, rejecting all other uploads.", "Store uploaded files outside the web\u2011accessible directory or set the directory to non\u2011executable, and regularly audit for unauthorized uploads."], "summary": {"action": "Patch", "impact": "Unrestricted File Upload"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the mingSoft MCMS product, specifically version 6.1.1. No other affected versions are listed in the data provided.", "description_and_impact": "A bug in mingSoft MCMS 6.1.1 allows an attacker to manipulate the File argument of the /ms/file/uploadTemplate.do endpoint, leading to the ability to upload arbitrary files. The flaw stems from a missing validation routine, which permits any file type and size to be stored by the web application. If an uploaded file contains executable code or system configuration changes, this can result in remote code execution, defacement, or other compromise of confidentiality, integrity, or availability. The vulnerability is classified with CVSS 5.1, indicating a medium severity for the potential impact.", "risk_and_exploitability": "The vulnerability is exploitable from a remote host via the uploadTemplate.do URL. While the empirical EPSS score is less than 1%, an exploit has already been published and may be in use. The CVSS score of 5.1 reflects the moderate impact; however, the lack of public KEV listing and low EPSS suggest that exploitation is currently uncommon but possible for actors with sufficient motivation and access to the application."}}}}, "created": "2026-02-19T10:11:21.006898+00:00", "updated": "2026-04-17T18:45:25.535945+00:00", "vendors": ["mingsoft", "mingsoft$PRODUCT$mcms"]}