CVE-2026-1112: Improper Authorization in Sanluan PublicCMS
A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java, part of the Trade Address Deletion Endpoint component. Manipulating the argument ids results in improper authorization. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2026-1112 is an improper authorization vulnerability in Sanluan PublicCMS versions up to 5.202506.d, located in the Trade Address Deletion Endpoint implemented in TradeAddressController.java. The delete handler does not sufficiently verify that the caller is authorized to remove the trade addresses named in the 'ids' parameter. A remote attacker can manipulate this parameter to delete trade address records without possessing the necessary privileges, bypassing the intended access controls. Exploitation requires no user interaction, has low complexity, and needs only low-level privileges on the application. The CVSS 4.0 base score is 5.3 (medium severity), reflecting a moderate overall impact, with partial impact on integrity and availability due to unauthorized deletion of data. The vendor was notified early but has not responded, and no official patches or mitigations have been released. Exploit code has been publicly disclosed, increasing the risk of exploitation. The vulnerability primarily threatens the integrity and availability of trade address data managed by PublicCMS, potentially disrupting business operations or enabling data tampering. Given the public exploit and the lack of vendor response, organizations must proactively implement compensating controls to mitigate risk.
Potential Impact
For European organizations, especially those relying on Sanluan PublicCMS for managing trade or e-commerce data, this vulnerability poses a risk of unauthorized deletion of critical trade address information. Such unauthorized deletions can lead to operational disruptions, loss of data integrity, and potential downstream effects on order processing, customer management, and compliance reporting. The impact extends to availability since deleted data may not be recoverable without backups, affecting business continuity. Confidentiality impact is minimal, but integrity and availability impacts are moderate. The public availability of exploit code increases the likelihood of opportunistic attacks, particularly targeting organizations with weak network segmentation or insufficient access controls. Organizations in sectors with high transaction volumes or regulatory requirements for data integrity (e.g., finance, retail, logistics) are at greater risk. The lack of vendor patches necessitates immediate attention to mitigate potential exploitation and maintain trust with customers and partners.
Mitigation Recommendations
1. Enforce authorization on the Trade Address Deletion Endpoint so that only authorized roles can perform deletions.
2. Validate the 'ids' parameter server-side and reject requests that reference trade addresses the requesting user is not authorized to delete.
3. Monitor application logs for unusual deletion requests or patterns indicative of exploitation attempts.
4. Restrict network access to PublicCMS administrative interfaces using firewalls or VPNs to limit exposure.
5. Maintain regular backups of trade address data to enable recovery after unauthorized deletions.
6. Consider deploying a Web Application Firewall (WAF) with custom rules to detect and block suspicious deletion requests.
7. Conduct active threat hunting for indicators of compromise related to this vulnerability.
8. If feasible, isolate PublicCMS instances handling sensitive trade data from internet-facing environments.
9. Press the vendor for engagement and track official patches or updates.
10. Educate internal teams about the vulnerability and response procedures to ensure rapid detection and mitigation.
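As an added illustration of recommendations 1 to 3 (this is example code, not PublicCMS's own controller), the hypothetical service below contrasts a delete that trusts the 'ids' argument with one that checks each id against the owner recorded for that row and logs every rejected id. The TradeAddress record, the in-memory table and the user ids are all constructed for the example.

```java
// Added example (not PublicCMS code): per-id ownership check on a batch delete.
import java.util.*;

public class TradeAddressDeletionExample {

    // Minimal stand-in for a trade address row: its id and the user who owns it.
    record TradeAddress(long id, long ownerUserId) {}

    // Constructed in-memory table standing in for the database.
    private final Map<Long, TradeAddress> table = new HashMap<>();

    public TradeAddressDeletionExample(Collection<TradeAddress> rows) {
        for (TradeAddress row : rows) table.put(row.id(), row);
    }

    // Vulnerable pattern: every requested id is deleted, the caller is trusted.
    public List<Long> deleteUnchecked(Long[] ids) {
        List<Long> deleted = new ArrayList<>();
        for (Long id : ids) {
            if (table.remove(id) != null) deleted.add(id);
        }
        return deleted;
    }

    // Hardened pattern: the user id comes from the authenticated session, never
    // from the request, and each id must belong to that user to be deleted.
    public List<Long> deleteOwnedBy(long sessionUserId, Long[] ids) {
        List<Long> deleted = new ArrayList<>();
        for (Long id : ids) {
            TradeAddress row = table.get(id);
            if (row == null || row.ownerUserId() != sessionUserId) {
                // Record the rejection; a burst of these per user is a detection signal.
                System.err.printf("rejected delete: user=%d id=%d%n", sessionUserId, id);
                continue;
            }
            table.remove(id);
            deleted.add(id);
        }
        return deleted;
    }

    public static void main(String[] args) {
        List<TradeAddress> rows = List.of(new TradeAddress(1, 10), new TradeAddress(2, 20));
        Long[] requested = {1L, 2L};          // user 10 asks to delete both rows
        var unchecked = new TradeAddressDeletionExample(rows);
        System.out.println("unchecked: " + unchecked.deleteUnchecked(requested)); // [1, 2]
        var hardened = new TradeAddressDeletionExample(rows);
        System.out.println("hardened:  " + hardened.deleteOwnedBy(10, requested)); // [1]
    }
}
```

Whether to skip foreign ids silently or fail the whole batch is a policy choice; either way the rejected ids should be logged with the session user so the monitoring in recommendation 3 has something to alert on.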
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-01-17T08:58:12.479Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 696c7d25d302b072d9a388f8
Added to database: 1/18/2026, 6:26:45 AM
Last enriched: 1/25/2026, 7:37:43 PM
Last updated: 2/7/2026, 2:57:02 PM