CVE-2026-1111 is a path traversal vulnerability identified in Sanluan PublicCMS, a content management system, affecting versions up to 5.202506.d. The vulnerability resides in the Save function of the Task Template Management Handler component, specifically within the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java. An attacker with high-level privileges can manipulate the 'path' argument to traverse directories outside the intended scope, potentially reading or writing arbitrary files on the server. This can lead to unauthorized disclosure or modification of sensitive files, impacting confidentiality and integrity. The vulnerability can be exploited remotely over the network without user interaction but requires authenticated access with elevated privileges, limiting the attack surface. The vendor was notified but has not responded or released a patch, and no known exploits have been observed in the wild so far. The CVSS 4.0 score of 5.1 reflects a medium severity, considering the ease of exploitation and the requirement for high privileges. This vulnerability highlights the importance of secure input validation and access control in CMS components that handle file operations.

The path traversal vulnerability in Sanluan PublicCMS can allow attackers with high privileges to access or modify files outside the intended directories, potentially leading to unauthorized disclosure of sensitive information, tampering with configuration or system files, and disruption of CMS operations. While exploitation requires authenticated access with elevated privileges, successful attacks could compromise the confidentiality and integrity of the affected systems. This may result in data breaches, defacement, or further escalation of privileges if critical files are manipulated. Organizations relying on PublicCMS for web content management could face operational disruptions and reputational damage. The lack of vendor response and patches increases the risk of future exploitation, especially if attackers develop public exploits. The impact is somewhat contained by the privilege requirement but remains significant for organizations with multiple users having administrative access.

1. Immediately audit and restrict user privileges to ensure only trusted users have high-level access to the CMS, minimizing the risk of exploitation. 2. Implement strict input validation and sanitization on all file path parameters within the CMS, especially in the Task Template Management Handler, to prevent directory traversal sequences. 3. Monitor server logs and CMS activity for unusual file access patterns or attempts to manipulate file paths. 4. Deploy web application firewalls (WAFs) with custom rules to detect and block path traversal attempts targeting the vulnerable endpoint. 5. If possible, isolate the CMS environment and limit filesystem permissions to restrict the impact of any successful traversal. 6. Engage with the vendor or community to obtain patches or updates once available, and apply them promptly. 7. Consider temporary compensating controls such as disabling the vulnerable functionality if feasible until a patch is released. 8. Conduct regular security assessments and penetration tests focusing on file handling components of the CMS.