CVE-2026-4953
Published: 27 March 2026
Summary
CVE-2026-4953 is a medium-severity SSRF (CWE-918) vulnerability. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-4953 is a server-side request forgery (SSRF) vulnerability (CWE-918) in mingSoft MCMS versions up to 5.5.0. The issue resides in the catchImage function within the file net/mingsoft/cms/action/BaseAction.java, part of the Editor Endpoint component. By manipulating the catchimage argument, attackers can trick the server into making unintended requests, with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). The vulnerability was published on 2026-03-27.
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation enables limited impacts including low confidentiality, integrity, and availability effects, such as unauthorized internal network access or resource exhaustion via SSRF techniques.
Advisories from VulDB (ctiid.353831, id.353831, submit.777516) document the issue and note recent discovery, while a GitHub repository (wing3e/public_exp/issues/3) publicly discloses a working exploit, increasing the risk of active attacks. No vendor patches or specific mitigations are detailed in the provided references.
The public availability of the exploit underscores the urgency for MCMS users to monitor and restrict Editor Endpoint access until remediation is available.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-16629
Vulnerability details
A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It…
more
is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF in public-facing Editor Endpoint directly enables remote exploitation of a web application (T1190); the ability to force arbitrary internal requests also facilitates network service discovery and internal scanning (T1046).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the SSRF flaw in the catchImage function of BaseAction.java through timely identification, prioritization, and correction.
Validates the catchimage argument in the Editor Endpoint to block malicious manipulations that trigger unintended server requests.
Monitors and controls outbound communications at system boundaries to block SSRF exploitation attempts to internal or unauthorized resources.