Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Sanluan PublicCMS 6.202506.d: Path Traversal Attack Risk
CVE-2026-3289
Summary
The saveMetadata function in Sanluan PublicCMS 6.202506.d is vulnerable to a path traversal attack, which can be exploited remotely. This means an attacker could potentially access and manipulate files on your server, which could lead to unauthorized data access or other security issues. It's recommended that you update to a patched version of the software as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| publiccms | publiccms | 6.202506.d | – |
Original title
A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing ...
Original description
A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
9.8
nvd CVSS4.0
5.3
Vulnerability type
CWE-22
Path Traversal
- https://vuldb.com/?ctiid.348017 Permissions Required Third Party Advisory VDB Entry
- https://vuldb.com/?id.348017 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.759109 Third Party Advisory VDB Entry
- https://www.yuque.com/la12138/pa2fpb/wdggytgi4vhl93zd?singleDoc Exploit Third Party Advisory
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026