A vulnerability described as problematic has been identified in WuzhiCMS up to 4.1.0. Affected by this vulnerability is the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component Attachment API. Executing a manipulation can lead to information disclosure.

This vulnerability is tracked as CVE-2026-15530. The attack can be launched remotely. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.