CVE-2026-8739 | Sanluan PublicCMS 5.202506.d SafeConfigComponent.java getSignKey privatefile_key hard-coded key

A vulnerability was found in Sanluan PublicCMS 5.202506.d and classified as critical. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java. The manipulation of the argument privatefile_key results in use of hard-coded cryptographic key
.

This vulnerability is identified as CVE-2026-8739. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-8739 | Sanluan PublicCMS 5.202506.d SafeConfigComponent.java getSignKey privatefile_key hard-coded key

Post correlati

CVE-2024-31285 | Tooltips Plugin up to 9.5.3 on WordPress cross-site request forgery

CVE-2024-42508 | HPE OneView up to 9.19 information disclosure

CVE-2023-49695 | Elecom WRC-X3000GSN/WRC-X3000GS/WRC-X3000GSA Request os command injection

CVE-2024-23887 | Cups Easy 1.0 URL grncreate.php grndate cross site scripting