Vulnerabilities ›

CVE-2026-3289

Medium

CWE-22 — Weakness Type

                    Published: Feb 27, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-3289 is a path traversal vulnerability in Sanluan PublicCMS 6.202506.d affecting the Template Cache Generation component. An unauthenticated remote attacker can manipulate the saveMetadata function to traverse the file system and potentially read, write, or delete arbitrary files. With a CVSS score of 6.3 and public exploit availability, this poses a moderate-to-high risk to organizations using this CMS, particularly those hosting web applications without proper input validation.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 17, 2026 04:32

🇸🇦 Saudi Arabia Impact Assessment

Saudi organizations using Sanluan PublicCMS are at risk, particularly: (1) Government agencies and ministries hosting public-facing web portals and content management systems; (2) Educational institutions (universities, schools) using CMS for website management; (3) Healthcare facilities with web-based patient information systems; (4) Media and publishing organizations; (5) Small-to-medium enterprises (SMEs) in retail and services sectors. The vulnerability allows unauthorized file system access, potentially exposing sensitive data, configuration files containing credentials, and enabling remote code execution through file upload/manipulation. Organizations under NCA and SAMA oversight face compliance violations if exploited.

🏢 Affected Saudi Sectors

Government and Public Administration Education (Universities and Schools) Healthcare and Medical Services Media and Publishing Retail and E-commerce Telecommunications Financial Services Small and Medium Enterprises (SMEs)

🎯 MITRE ATT&CK Techniques

T1083 - File and Directory Discovery T1190 - Exploit Public-Facing Application T1105 - Ingress Tool Transfer T1070 - Indicator Removal T1567 - Exfiltration Over Web Service T1040 - Traffic Capture or Redirection

⚖️ Saudi Risk Score (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all instances of Sanluan PublicCMS 6.202506.d in your environment using network scanning and asset inventory tools

2. Isolate affected systems from public internet access or place behind WAF with strict input validation rules

3. Review access logs for suspicious requests to TemplateCacheComponent endpoints (look for path traversal patterns: ../, ..\, encoded variants)

4. Implement emergency access controls: restrict template cache generation to authenticated users only



COMPENSATING CONTROLS (until patch available):

5. Deploy Web Application Firewall (WAF) rules blocking path traversal attempts (../, %2e%2e/, etc.)

6. Implement strict input validation on all metadata parameters - whitelist allowed characters only

7. Run application with minimal file system permissions - restrict write access to designated directories only

8. Enable detailed logging and monitoring of TemplateCacheComponent.saveMetadata() function calls

9. Implement file integrity monitoring (FIM) on critical configuration and template directories



DETECTION RULES:

- Monitor for HTTP requests containing: ../, %2e%2e/, %252e, ..\, %5c patterns in POST/GET parameters

- Alert on TemplateCacheComponent access with non-standard metadata parameters

- Track file system access attempts outside designated template directories

- Monitor for unusual file creation/modification in system directories



LONG-TERM:

10. Contact vendor for security patch or consider migration to alternative CMS with active security support

11. Implement code review process for custom CMS modifications

12. Establish vulnerability disclosure program with vendor

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع نسخ Sanluan PublicCMS 6.202506.d في بيئتك باستخدام أدوات المسح والجرد

2. عزل الأنظمة المتأثرة عن الإنترنت العام أو وضعها خلف جدار حماية تطبيقات الويب (WAF) مع قواعد التحقق من الإدخال الصارمة

3. مراجعة سجلات الوصول للطلبات المريبة إلى نقاط نهاية TemplateCacheComponent (ابحث عن أنماط اجتياز المسار)

4. تنفيذ ضوابط الوصول الطارئة: تقييد إنشاء ذاكرة التخزين المؤقت للقوالب للمستخدمين المصرح لهم فقط

الضوابط البديلة (حتى توفر التصحيح):

5. نشر قواعل WAF لحجب محاولات اجتياز المسار

6. تنفيذ التحقق الصارم من الإدخال على جميع معاملات البيانات الوصفية

7. تشغيل التطبيق بأذونات نظام ملفات محدودة

8. تفعيل السجلات والمراقبة التفصيلية لاستدعاءات الدوال

9. تنفيذ مراقبة سلامة الملفات (FIM) على الدلائل الحرجة

قواعد الكشف:

- مراقبة طلبات HTTP التي تحتوي على أنماط اجتياز المسار

- تنبيهات على وصول TemplateCacheComponent بمعاملات غير قياسية

- تتبع محاولات الوصول إلى نظام الملفات خارج الدلائل المخصصة

- مراقبة إنشاء/تعديل الملفات غير العادي

المدى الطويل:

10. التواصل مع البائع للحصول على تصحيح أمني أو النظر في الهجرة إلى نظام إدارة محتوى بديل

11. تنفيذ عملية مراجعة الأكواد للتعديلات المخصصة

12. إنشاء برنامج الكشف عن الثغرات مع البائع

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information Security Policies and Procedures (input validation requirements) A.6.1.1 - Access Control (restrict unauthorized file system access) A.7.1.1 - Cryptography (protect sensitive data exposed via path traversal) A.8.1.1 - Physical and Environmental Security (file system integrity) A.12.4.1 - Logging and Monitoring (detect exploitation attempts)

🔵 SAMA CSF

ID.AM-2 - Asset Management (identify affected CMS instances) PR.AC-1 - Access Control (implement authentication/authorization) PR.PT-1 - Protection Processes (input validation, WAF deployment) DE.CM-1 - Detection and Analysis (monitor for exploitation) RS.MI-1 - Response and Recovery (incident response procedures)

🟡 ISO 27001:2022

A.5.1.1 - Information security policies A.6.1.2 - Information security roles and responsibilities A.8.1.1 - User endpoint devices A.8.2.1 - User access management A.8.3.1 - User responsibilities A.12.4.1 - Event logging A.14.2.1 - Secure development policy

🟣 PCI DSS v4.0.1

Requirement 6.5.1 - Injection flaws (path traversal is file system injection) Requirement 6.2 - Security patches and updates Requirement 10.2 - Implement automated audit trails

🔗 References & Sources 4

🔗

https://vuldb.com/?ctiid.348017

cna@vuldb.com

🔗

https://vuldb.com/?id.348017

cna@vuldb.com

🔗

https://vuldb.com/?submit.759109

cna@vuldb.com

🔗

https://www.yuque.com/la12138/pa2fpb/wdggytgi4vhl93zd?singleDoc

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-22

EPSS0.08%

Exploit No

Patch ✗ No

Published 2026-02-27

Source Feed nvd

🇸🇦 Saudi Risk Score

7.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-22

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-3289

Introduce Yourself

Sign In Required