Code Injection Vulnerability in PbootCMS by PbootCMS
CVE-2026-36239

4.3MEDIUM

Key Information:

Vendor: PbootCMS
Status: PbootCMS
Vendor: CVE Published:; 26 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-36239?

PbootCMS version 3.2.11 is susceptible to a code injection vulnerability within its site configuration feature. This flaw allows an attacker to manipulate site settings, potentially leading to unauthorized access and control over the application. Proper validation and sanitization of user inputs are crucial to mitigating this risk. Ensure your PbootCMS installation is updated to a secure version and adopt comprehensive security practices.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-36239
Created by TazmiDev

References

http://pbootcms.com

http://hunan.com

https://github.com/TazmiDev/CVE-2026-36239

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
🟡
Public PoC available
May 25, 2026
👾
Exploit known to exist
May 25, 2026
Vulnerability Reserved
Apr 6, 2026

CVE-2026-36239 Data

JSON