Cleartext Storage Vulnerability in Sanluan PublicCMS Login Functionality
CVE-2026-6796

5.3 MEDIUM

Key Information:

Vendor: Sanluan

Status
Vendor
CVE Published: 21 April 2026

What is CVE-2026-6796?

A vulnerability exists in the log_login function of the Failed Login Handler component of Sanluan PublicCMS. Manipulating the errorPassword argument results in sensitive information being stored in cleartext on the file system. The vulnerability can be exploited remotely and poses a significant risk to the confidentiality of user credentials. The vendor was notified early about the flaw but has not responded to address it.
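The pattern described above, shown as an added Java example that is not PublicCMS code: a failed-login logger that persists the submitted password beside one that never writes it, plus an audit check for rows that still carry a value. The class, record, method names and sample values are assumptions made for illustration; only the errorPassword field name comes from the advisory.

```java
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class FailedLoginLogDemo {
    // Hypothetical log row; the layout is an assumption, not PublicCMS's schema.
    record LoginLogRow(String name, String ip, boolean result,
                       String errorPassword, Instant at) {}

    // Stand-in for the persistent store (database table or log file).
    static final List<LoginLogRow> STORE = new ArrayList<>();

    // Weak form: the submitted password is written to storage verbatim.
    static void logLoginWeak(String name, String ip, String submittedPassword) {
        STORE.add(new LoginLogRow(name, ip, false, submittedPassword, Instant.now()));
    }

    // Hardened form: the submitted value never reaches storage.
    static void logLoginHardened(String name, String ip, char[] submittedPassword) {
        Arrays.fill(submittedPassword, '\0'); // wipe the buffer that held the secret
        STORE.add(new LoginLogRow(name, ip, false, null, Instant.now()));
    }

    // Audit check: count rows that still hold a password value.
    static long rowsWithStoredPassword() {
        return STORE.stream()
                .filter(r -> r.errorPassword() != null && !r.errorPassword().isEmpty())
                .count();
    }

    public static void main(String[] args) {
        // Constructed sample: a failed attempt is often a typo of a real password.
        String attempt = "Summer2026!";
        logLoginWeak("alice", "203.0.113.7", attempt);
        logLoginHardened("alice", "203.0.113.7", attempt.toCharArray());
        for (LoginLogRow row : STORE) {
            System.out.println(row);
        }
        System.out.println("rows exposing a password: " + rowsWithStoredPassword());
    }
}
```

The same audit check can be pointed at an existing login log to find rows that need to be purged after the logging path is fixed.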

Affected Version(s)

PublicCMS 6.202506.a

PublicCMS 6.202506.b

PublicCMS 6.202506.c

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

LeyNn3H (VulDB User)
VulDB CNA Team