MacCMS: Unauthenticated access to sensitive data via API
CVE-2026-4562
Summary
A missing-authentication flaw in the Timming API endpoint of MacCMS (application/api/controller/Timming.php) allows a remote attacker to access sensitive data without a valid login. Update your MacCMS installation to the latest version to fix this issue.
Original title
A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation...
Original description
A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
NVD CVSS 2.0: 7.5
NVD CVSS 3.1: 7.3
NVD CVSS 4.0: 6.9
Vulnerability type
CWE-287: Improper Authentication
CWE-306: Missing Authentication for Critical Function
Published: 23 Mar 2026 · Updated: 23 Mar 2026 · First seen: 23 Mar 2026