Remote Code Execution Vulnerability in Mura CMS by Mura Software
CVE-2026-12257
5.1MEDIUM
What is CVE-2026-12257?
Mura CMS versions prior to 10.0.712 are susceptible to a remote code execution vulnerability due to improper validation of the 'method' parameter in POST requests within the endpoint '/index.cfm/_api/json/v1/default'. This flaw allows attackers to inject and execute arbitrary ColdFusion Markup Language (CFML) expressions and instantiate malicious Java objects, potentially compromising the integrity and security of the affected systems.
Affected Version(s)
CMS 10.0.712
