{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6797", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-21T14:35:45.285Z", "datePublished": "2026-04-21T20:45:13.606Z", "dateUpdated": "2026-04-22T17:30:24.636Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-21T20:45:13.606Z"}, "title": "Sanluan PublicCMS DocToHtmlUtils.java ZipSecureFile.setMinflateRatio resource consumption", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "Resource Consumption"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "Sanluan", "product": "PublicCMS", "versions": [{"version": "6.202506.a", "status": "affected"}, {"version": "6.202506.b", "status": "affected"}, {"version": "6.202506.c", "status": "affected"}, {"version": "6.202506.d", "status": "affected"}], "cpes": ["cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:ND/RC:ND"}}], "timeline": [{"time": "2026-04-21T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-21T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-21T16:40:56.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "LeyNn3H (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/358491", "name": "VDB-358491 | Sanluan PublicCMS DocToHtmlUtils.java ZipSecureFile.setMinflateRatio resource consumption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/358491/cti", "name": "VDB-358491 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/794798", "name": "Submit #794798 | PublicCMS V6.202506.d Improper Handling of Highly Compressed Data (Data Amplification)", "tags": ["third-party-advisory"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T17:29:54.736690Z", "id": "CVE-2026-6797", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T17:30:24.636Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6797", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T17:29:54.736690Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T17:30:09.903Z"}}], "cna": {"title": "Sanluan PublicCMS DocToHtmlUtils.java ZipSecureFile.setMinflateRatio resource consumption", "credits": [{"lang": "en", "type": "reporter", "value": "LeyNn3H (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:ND/RC:ND"}}], "affected": [{"cpes": ["cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*"], "vendor": "Sanluan", "product": "PublicCMS", "versions": [{"status": "affected", "version": "6.202506.a"}, {"status": "affected", "version": "6.202506.b"}, {"status": "affected", "version": "6.202506.c"}, {"status": "affected", "version": "6.202506.d"}]}], "timeline": [{"lang": "en", "time": "2026-04-21T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-21T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-21T16:40:56.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/358491", "name": "VDB-358491 | Sanluan PublicCMS DocToHtmlUtils.java ZipSecureFile.setMinflateRatio resource consumption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/358491/cti", "name": "VDB-358491 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/794798", "name": "Submit #794798 | PublicCMS V6.202506.d Improper Handling of Highly Compressed Data (Data Amplification)", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "Resource Consumption"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-21T20:45:13.606Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6797", "state": "PUBLISHED", "dateUpdated": "2026-04-22T17:30:24.636Z", "dateReserved": "2026-04-21T14:35:45.285Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-21T20:45:13.606Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-6797", "lastModified": "2026-04-22T20:22:50.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-21T21:16:48.593", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/794798"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358491"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358491/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "publiccms", "vendor": "publiccms"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.202506.a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.202506.b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.202506.c"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.202506.d"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "PublicCMS", "source": "cna", "vendor": "Sanluan"}, "product": "publiccms", "vendor": "sanluan"}], "analysis": {"en": {"generated_at": "2026-04-22T06:25:00.259388+00:00", "value": {"mitigation_remediation": ["Upgrade Sanluan PublicCMS to the latest release that removes or restricts the ZipSecureFile.setMinflateRatio function.", "If an update is not yet available, reconfigure the application to reject or heavily limit ZIP file uploads, or enforce strict memory and CPU limits for the conversion process.", "Modify the source (or configuration) to set the minimum inflate ratio to a safe, conservative value, thereby preventing excessive resource use.", "Continuously monitor system resource usage for anomalous spikes during ZIP\u2010to\u2010HTML conversions and be prepared to block or throttle suspicious requests to mitigate denial\u2011of\u2011service activity."], "summary": {"action": "Apply patch", "impact": "Denial of Service via Resource Exhaustion"}, "threat_synthesis": {"affected_systems": "Affected systems are instances of Sanluan PublicCMS, specifically any installation running version 6.202506.d or earlier. No later versions have been documented to contain the issue.", "description_and_impact": "A vulnerability has been discovered in Sanluan PublicCMS up to version 6.202506.d. The defect lies in the ZipSecureFile.setMinflateRatio method within DocToHtmlUtils.java, allowing an attacker to manipulate the minimum inflate ratio of ZIP streams. This manipulation consumes CPU and memory resources, resulting in a denial\u2011of\u2011service condition. The flaw can be triggered remotely, as the vulnerable function processes external ZIP inputs.", "risk_and_exploitability": "The CVSS score for this vulnerability is 5.3, indicating a medium impact. The EPSS score is unavailable and the vulnerability is not listed in CISA\u2019s KEV catalog. Because the attack vector is remote, an adversary could trigger the resource drain without local access. The known CWEs (CWE\u2011400 and CWE\u2011404) suggest that the attack is based on uncontrolled resource consumption and missing bounds checking. Although no public exploit code is currently available, the medium score and remote nature of the flaw warrant cautious monitoring and prompt patching."}}}}, "created": "2026-04-22T03:45:06.831741+00:00", "updated": "2026-04-22T06:30:10.674609+00:00", "vendors": ["publiccms", "publiccms$PRODUCT$publiccms", "sanluan", "sanluan$PRODUCT$publiccms"]}