Resource Consumption Vulnerability in Sanluan PublicCMS
CVE-2026-6797

5.3MEDIUM

Key Information:

Vendor

Sanluan

Status
Publiccms
Vendor
CVE Published:
21 April 2026

What is CVE-2026-6797?

A resource consumption vulnerability exists in the Sanluan PublicCMS, specifically within the function ZipSecureFile.setMinflateRatio in the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. By exploiting this vulnerability, an attacker may trigger high resource usage on affected systems, potentially leading to denial of service through excessive memory consumption. This vulnerability allows remote attacks, making it crucial for users to implement fixes promptly. The vendor has been informed but has not addressed the issue.

Affected Version(s)

PublicCMS 6.202506.a

PublicCMS 6.202506.b

PublicCMS 6.202506.c

References

https://vuldb.com/vuln/358491
vdb-entrytechnical-description
https://vuldb.com/vuln/358491/cti
signaturepermissions-required
https://vuldb.com/submit/794798
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

LeyNn3H (VulDB User)
VulDB CNA Team
.