Vulnerability in Sanluan Publiccms
CVE-2026-6796
A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This ma…
EPSS: 0.000 (2.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X.
Affected products
- Sanluan Publiccms — versions 6.202506.a, 6.202506.b, 6.202506.c
Weakness classification (CWE)
References
- VDB-358490 | Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file (vdb-entry, technical-description)
- VDB-358490 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
- Submit #794797 | PublicCMS V6.202506.d Insertion of Sensitive Information Into Log Code (third-party-advisory)
Frequently asked questions
- What is CVE-2026-6796?
- CVE-2026-6796 is a medium-severity vulnerability in Sanluan Publiccms, classified under Cleartext Storage in a File or on Disk. CVSS score: 4.3/10. Published 2026-04-21.
- How severe is CVE-2026-6796?
- Medium severity. CVSS v3 base score is 4.3 out of 10.