{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4953", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-27T07:53:19.014Z", "datePublished": "2026-03-27T14:13:36.216Z", "dateUpdated": "2026-03-30T12:05:18.706Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-27T22:16:09.304Z"}, "title": "mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-918", "lang": "en", "description": "Server-Side Request Forgery"}]}], "affected": [{"vendor": "mingSoft", "product": "MCMS", "versions": [{"version": "5.0", "status": "affected"}, {"version": "5.1", "status": "affected"}, {"version": "5.2", "status": "affected"}, {"version": "5.3", "status": "affected"}, {"version": "5.4", "status": "affected"}, {"version": "5.5.0", "status": "affected"}], "cpes": ["cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:*"], "modules": ["Editor Endpoint"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-27T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-27T08:58:28.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Winegee (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.353831", "name": "VDB-353831 | mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.353831", "name": "VDB-353831 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.777516", "name": "Submit #777516 | mingSoft MCMS 5.5.0 Server-Side Request Forgery", "tags": ["third-party-advisory"]}, {"url": "https://github.com/wing3e/public_exp/issues/3", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T12:05:09.797420Z", "id": "CVE-2026-4953", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T12:05:18.706Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4953", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T12:05:09.797420Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T12:05:14.898Z"}}], "cna": {"title": "mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery", "credits": [{"lang": "en", "type": "reporter", "value": "Winegee (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:*"], "vendor": "mingSoft", "modules": ["Editor Endpoint"], "product": "MCMS", "versions": [{"status": "affected", "version": "5.0"}, {"status": "affected", "version": "5.1"}, {"status": "affected", "version": "5.2"}, {"status": "affected", "version": "5.3"}, {"status": "affected", "version": "5.4"}, {"status": "affected", "version": "5.5.0"}]}], "timeline": [{"lang": "en", "time": "2026-03-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-27T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-27T08:58:28.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.353831", "name": "VDB-353831 | mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.353831", "name": "VDB-353831 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.777516", "name": "Submit #777516 | mingSoft MCMS 5.5.0 Server-Side Request Forgery", "tags": ["third-party-advisory"]}, {"url": "https://github.com/wing3e/public_exp/issues/3", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "Server-Side Request Forgery"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-27T22:16:09.304Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4953", "state": "PUBLISHED", "dateUpdated": "2026-03-30T12:05:18.706Z", "dateReserved": "2026-03-27T07:53:19.014Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-27T14:13:36.216Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks."}], "id": "CVE-2026-4953", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-27T15:17:02.060", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/wing3e/public_exp/issues/3"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.353831"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.353831"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.777516"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.5.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MCMS", "source": "cna", "vendor": "mingSoft"}, "product": "mcms", "vendor": "mingsoft"}], "analysis": {"en": {"generated_at": "2026-03-28T05:36:33.513068+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011issued patch or upgrade MingSoft MCMS to a version newer than 5.5.0 that removes the vulnerable catchImage functionality.", "If an immediate upgrade is not feasible, restrict outbound traffic from the affected server or disable the catchImage endpoint altogether.", "Validate and sanitize any user\u2011supplied URLs before the application attempts to retrieve images to prevent unintended network requests.", "Monitor application logs for unexpected outbound requests originating from the catchImage feature.", "Check the vendor\u2019s website and security advisories regularly for updates or additional mitigation guidance."], "summary": {"action": "Immediate Patch", "impact": "Server\u2011Side Request Forgery"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in all MingSoft MCMS installations running version 5.5.0 or earlier, specifically within the Editor Endpoint component implemented in BaseAction.java. Any deployment that has not upgraded beyond this version remains susceptible unless the catchImage endpoint has been disabled or otherwise restricted.", "description_and_impact": "A flaw in the catchImage method of MingSoft MCMS allows an attacker to supply a manipulated parameter that causes the application to perform arbitrary outbound HTTP requests. This can lead the vulnerable server to reach internal or external resources, potentially exfiltrating data or interacting with other services without authorization. The weakness falls under CWE\u2011918 and is rated as a Medium severity issue with a base score of 6.9.", "risk_and_exploitability": "The moderate score indicates a non\u2011zero risk, while the lack of an EPSS value means current exploit probability data is unavailable. The attack can be executed remotely by sending crafted input to the catchImage parameter, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. Without remediation, an attacker can trigger the server to contact arbitrary URLs, potentially exposing internal services or leaking sensitive data."}}}}, "created": "2026-03-27T20:28:39.167557+00:00", "updated": "2026-03-30T07:01:51.067946+00:00", "vendors": ["mingsoft", "mingsoft$PRODUCT$mcms"]}