Vulnerabilities ›

CVE-2026-26682

High ⚡ Exploit Available

An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component

CWE-94 — Weakness Type

                    Published: Feb 26, 2026                      ·  Modified: Mar 5, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component

🤖 AI Executive Summary

CVE-2026-26682 is a high-severity arbitrary code execution vulnerability in fastCMS versions before 0.1.6, exploitable by local attackers through the PluginController component. With an available exploit and CVSS score of 7.8, this poses an immediate threat to organizations using fastCMS for content management. Patching to version 0.1.6 or later is critical to prevent unauthorized code execution and potential system compromise.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 29, 2026 11:17

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi organizations using fastCMS for website and content management, including government agencies, educational institutions, and private sector companies managing public-facing portals. Government entities under NCA oversight and organizations in the media/publishing sector are at elevated risk. The local execution requirement limits exposure but is critical for multi-tenant hosting environments common in Saudi Arabia. Organizations hosting fastCMS on shared infrastructure or cloud platforms face heightened risk of lateral movement and privilege escalation.

🏢 Affected Saudi Sectors

Government Education Media and Publishing Healthcare Telecommunications Financial Services E-commerce

🎯 MITRE ATT&CK Techniques

T1059 — Command and Scripting Interpreter T1190 — Exploit Public-Facing Application T1547 — Boot or Logon Autostart Execution T1053 — Scheduled Task/Job T1648 — Serverless Execution

⚖️ Saudi Risk Score (AI)

7.8

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all fastCMS installations in your environment and document version numbers

2. Restrict local access to fastCMS servers to authorized personnel only

3. Implement file integrity monitoring on PluginController.java and plugin directories

4. Review access logs for suspicious local user activity



PATCHING:

1. Upgrade fastCMS to version 0.1.6 or later immediately

2. Test patches in non-production environments first

3. Verify plugin functionality after patching

4. Document all patching activities for compliance records



COMPENSATING CONTROLS (if immediate patching not possible):

1. Disable plugin functionality if not required

2. Implement strict file permissions on plugin directories (chmod 750)

3. Use SELinux or AppArmor to restrict PluginController execution

4. Isolate fastCMS servers on dedicated network segments



DETECTION:

1. Monitor for unauthorized modifications to PluginController.java

2. Alert on unexpected process execution from fastCMS application user

3. Log all plugin upload/modification attempts

4. Search logs for CWE-94 exploitation patterns (code injection in plugin paths)

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع تثبيتات fastCMS في بيئتك وتوثيق أرقام الإصدارات

2. تقييد الوصول المحلي إلى خوادم fastCMS للموظفين المصرح لهم فقط

3. تنفيذ مراقبة سلامة الملفات على PluginController.java ومجلدات المكونات الإضافية

4. مراجعة سجلات الوصول للنشاط المريب من المستخدمين المحليين

التصحيح:

1. ترقية fastCMS إلى الإصدار 0.1.6 أو أحدث فوراً

2. اختبار التصحيحات في بيئات غير الإنتاج أولاً

3. التحقق من وظائف المكون الإضافي بعد التصحيح

4. توثيق جميع أنشطة التصحيح لسجلات الامتثال

الضوابط البديلة (إذا لم يكن التصحيح الفوري ممكناً):

1. تعطيل وظائف المكون الإضافي إذا لم تكن مطلوبة

2. تنفيذ أذونات ملفات صارمة على مجلدات المكونات الإضافية

3. استخدام SELinux أو AppArmor لتقييد تنفيذ PluginController

4. عزل خوادم fastCMS على شرائح شبكة مخصصة

الكشف:

1. مراقبة التعديلات غير المصرح بها على PluginController.java

2. التنبيه على تنفيذ العمليات غير المتوقعة من مستخدم تطبيق fastCMS

3. تسجيل جميع محاولات تحميل/تعديل المكونات الإضافية

4. البحث في السجلات عن أنماط استغلال CWE-94

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.14.2.1 - Secure development policy ECC 2024 A.12.2.1 - Monitoring and logging of access

🔵 SAMA CSF

SAMA CSF ID.RA-1 - Asset management and vulnerability identification SAMA CSF PR.IP-12 - Software development and change management SAMA CSF DE.CM-1 - Detection and monitoring of anomalies

🟡 ISO 27001:2022

ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities ISO 27001:2022 A.14.2.1 - Secure development, test and acceptance ISO 27001:2022 A.8.1.1 - Inventory of assets

🟣 PCI DSS v4.0.1

PCI DSS 6.2 - Security patches and updates PCI DSS 11.2 - Vulnerability scanning

🔗 References & Sources 2

🔗

https://gist.github.com/sorzs/e3913b814e2e5548aa66de6c25b0510a

cve@mitre.org

Third Party Advisory

🔗

https://github.com/sorzs/test/tree/main/fastcms-rce

cve@mitre.org

Exploit Third Party Advisory

📦 Affected Products / CPE 1 entries

xjd2020:fastcms

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-94

Exploit ✓ Yes

Patch ✓ Yes

Published 2026-02-26

Source Feed nvd

🇸🇦 Saudi Risk Score

7.8

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

exploit-available CWE-94

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-26682

💬 Comments

Introduce Yourself

Sign In Required