SQL Injection Vulnerability in dotCMS Core Affecting Publishing APIs
CVE-2026-8054
10CRITICAL
Key Information:
- Vendor
Dotcms
- Status
- Vendor
- CVE Published:
- 27 May 2026
Badges
π Score: 105πΎ Exploit Existsπ‘ Public PoC
What is CVE-2026-8054?
false
Affected Version(s)
dotCMS Core 25.11.04-1 <= 26.04.28-02
dotCMS Core 26.04.28-03
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Gerhard Botha β reported to dotCMS through responsible disclosure. Gerhard's GitHub profile: https://github.com/GerhardBotha97
