CVE-2026-4953 mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery

🗓️ 27 Mar 2026 14:13:36Reported by VulDBType

CVE-2026-4953 in mingSoft MCMS 5.5.0 enables server-side request forgery via catchImage.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-4953	27 Mar 202614:13	–	attackerkb
Circl	CVE-2026-4953	27 Mar 202617:22	–	circl
CNNVD	MingSoft MCMS 安全漏洞	27 Mar 202600:00	–	cnnvd
CVE	CVE-2026-4953	27 Mar 202614:13	–	cve
EUVD	EUVD-2026-16629	27 Mar 202615:30	–	euvd
NVD	CVE-2026-4953	27 Mar 202615:17	–	nvd
Positive Technologies	PT-2026-28679	27 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-4953	28 Mar 202616:59	–	redhatcve
Vulnrichment	CVE-2026-4953 mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery	27 Mar 202614:13	–	vulnrichment

[
  {
    "vendor": "mingSoft",
    "product": "MCMS",
    "versions": [
      {
        "version": "5.0",
        "status": "affected"
      },
      {
        "version": "5.1",
        "status": "affected"
      },
      {
        "version": "5.2",
        "status": "affected"
      },
      {
        "version": "5.3",
        "status": "affected"
      },
      {
        "version": "5.4",
        "status": "affected"
      },
      {
        "version": "5.5.0",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "Editor Endpoint"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/wing3e/public_exp/issues/3
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

27 Mar 2026 22:16Current

CVSS 46.9

CVSS 3.17.3

CVSS 37.3

CVSS 27.5

EPSS0.00057

CWE-918