CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-29909

MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.2%

CVSS Severity

CVSS v3 Score 5.3

References

https://github.com/qflksheep/CVE-2026-29909-MRCMS-vulnerability/blob/main/README.md
https://github.com/wuweiit/mushroom

Products affected by CVE-2026-29909

Mrcms » Mrcms » Version: 3.1.2

cpe:2.3:a:mrcms:mrcms:3.1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-29909

Products

Pricing

Contact Us