Cyber Resilience

CVE-2026-4953

Severity: Medium
Published: 27 March 2026
Modified: 24 April 2026
KEV added: not listed
Patch: none listed
CVSS v4.0 score: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0006 (18.1st percentile)
Risk priority: 14 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-4953 is a medium-severity server-side request forgery (SSRF, CWE-918) vulnerability with a CVSS v4.0 base score of 6.9 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks the CVE at the 18.1st percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-4953 is a server-side request forgery (SSRF, CWE-918) vulnerability in mingSoft MCMS versions up to 5.5.0. The flaw lies in the catchImage function of the file net/mingsoft/cms/action/BaseAction.java, part of the Editor Endpoint component. By manipulating the catchimage argument, an attacker can make the server issue requests it was never intended to make. The CVSS v3.1 base score is 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), and the vulnerability was published on 2026-03-27.

The vulnerability is exploitable remotely over the network with low complexity and requires neither privileges nor user interaction. Successful exploitation has low impact on confidentiality, integrity and availability; the typical consequences of an SSRF of this kind are server-originated requests reaching internal network resources the attacker could not otherwise address, or resource exhaustion on the server.

Advisories from VulDB (ctiid.353831, id.353831, submit.777516) document the issue and note that it was discovered recently, and a GitHub issue in a public repository (wing3e/public_exp/issues/3) discloses a working exploit, which raises the likelihood of active attacks. None of the provided references detail a vendor patch or specific mitigations.

The public availability of the exploit underscores the urgency for MCMS users to monitor and restrict Editor Endpoint access until remediation is available.

Vulnerability details

A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1046 Network Service Discovery (Discovery)
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Why these techniques?

SSRF in public-facing Editor Endpoint directly enables remote exploitation of a web application (T1190); the ability to force arbitrary internal requests also facilitates network service discovery and internal scanning (T1046).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-13924 (shared CWE-918)
CVE-2026-42860 (shared CWE-918)
CVE-2025-25785 (shared CWE-918)
CVE-2024-53705 (shared CWE-918)
CVE-2026-5418 (shared CWE-918)
CVE-2026-45082 (shared CWE-918)
CVE-2026-7065 (shared CWE-918)
CVE-2025-55150 (shared CWE-918)
CVE-2025-28091 (shared CWE-918)
CVE-2025-1849 (shared CWE-918)

Mitigating Controls (NIST 800-53 r5, AI)

Prevent: Directly remediates the SSRF flaw in the catchImage function of BaseAction.java through timely identification, prioritization, and correction.

Prevent: Validates the catchimage argument in the Editor Endpoint to block malicious manipulations that trigger unintended server requests.

Prevent, detect: Monitors and controls outbound communications at system boundaries to block SSRF exploitation attempts to internal or unauthorized resources.
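Added example of the input validation the second control above describes; this is not code from MCMS, VulDB or this advisory, and it is written in Python rather than the project's Java. It validates a server-side image-fetch parameter such as catchimage before any request is made, refusing schemes other than http(s), credentials in the URL, and any host that resolves to a non-public address; the hostnames and addresses in the offline resolver table are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # the only schemes an image fetcher needs


def system_resolver(host):
    """Resolve host to every address it maps to, via the OS resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def address_is_public(addr):
    """True only for globally routable unicast addresses; loopback, RFC 1918,
    link-local (e.g. 169.254.0.0/16), CGNAT and multicast all fail."""
    ip = ipaddress.ip_address(addr)
    return ip.is_global and not ip.is_multicast


def validate_fetch_url(url, resolver=system_resolver):
    """Return (ok, reason). Accept only http(s) URLs whose host resolves
    exclusively to public addresses; decide before any request is made."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    if parts.username or parts.password:
        return False, "credentials in URL are not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = list(resolver(host))
    except OSError as exc:  # socket.gaierror is an OSError subclass
        return False, "resolution failed: %s" % exc
    if not addrs:
        return False, "host resolved to no addresses"
    # Every answer must be public: a record set mixing public and private
    # addresses (a DNS-rebinding setup) is rejected as a whole.
    for addr in addrs:
        if not address_is_public(addr):
            return False, "%s resolves to non-public address %s" % (host, addr)
    return True, "ok"


# Constructed name table so the example runs offline; the addresses are made up.
FAKE_DNS = {"cdn.example.com": ["93.184.216.34"], "intranet.local": ["10.0.0.5"]}


def fake_resolver(host):  # offline stand-in: literal IPs map to themselves
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        if host not in FAKE_DNS:
            raise socket.gaierror("unknown host %s" % host)
        return FAKE_DNS[host]
```

Because a DNS answer can change between this check and the fetch, and a redirect can point anywhere, the fetcher should connect to the address validated here (or repeat the check at connection time) and must not follow redirects automatically.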
