CVE-2026-6797
Published 2026-04-21
Priority: P4 · 24 · medium · 4.3 · CVSS 3.1
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.27% (18.3th percentile)
A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sanluan | publiccms | — | — |
| sanluan | publiccms | — | — |
| sanluan | publiccms | — | — |
| sanluan | publiccms | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| nvd | v4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
VulDB
Sanluan PublicCMS up to 6.202506.d DocToHtmlUtils.java ZipSecureFile.setMinflateRatio resource consumption (EUVD-2026-24501)
vuldb·2026-04-22·CVSS 5.3
CVE-2026-6797 [MEDIUM] Sanluan PublicCMS up to 6.202506.d DocToHtmlUtils.java ZipSecureFile.setMinflateRatio resource consumption (EUVD-2026-24501)
A vulnerability was found in Sanluan PublicCMS up to 6.202506.d. It has been declared as problematic. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption.
This vulnerability is referenced as CVE-2026-6797. It is possible to launch the attack remotely. No exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
GHSA
GHSA-f82q-cjhg-c837: A vulnerability was identified in Sanluan PublicCMS up to 6
ghsa_unreviewed·2026-04-21
CVE-2026-6797 [MEDIUM] CWE-400 GHSA-f82q-cjhg-c837: A vulnerability was identified in Sanluan PublicCMS up to 6
A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-04-21