CVE-2026-3289CRITICAL 9.8EPSS p47.7%

CVE-2026-3289CVE-2026-3289

Description

A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.68% probability of exploitation · percentile 47.7% · 2026-06-19T12:03:05Z
Published2026-02-27
Last modified2026-04-29

Underlying weaknesses· 1

CWE-22

References

  1. https://vuldb.com/?ctiid.348017
  2. https://vuldb.com/?id.348017
  3. https://vuldb.com/?submit.759109
  4. https://www.yuque.com/la12138/pa2fpb/wdggytgi4vhl93zd?singleDoc

1

TypeTargetConfidenceTier
WeaknessImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')cwe-220%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-1112
CVE
CVE-2025-25361
CVE
CVE-2025-65602
CVE
CVE-2025-4545
CVE
CVE-2025-1890
CVE
CVE-2025-1556
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.