CVE-2026-4562
HIGHMacCMS Timming API Endpoint Timming.php weak authentication
Title source: cnaDescription
A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
References (4)
Core 4
Core References
Vdb Entry vdb-entry
VDB-352399 | MacCMS Timming API Endpoint Timming.php weak authentication
https://vuldb.com/?id.352399
Signature, Permissions Required signature
permissions-required
VDB-352399 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/?ctiid.352399
Third Party Advisory third-party-advisory
Submit #775039 | Maccms MacCMS 2025.1000.4052 Missing Authentication
https://vuldb.com/?submit.775039
Exploit exploit
issue-tracking
https://github.com/HuajiHD/CVE/issues/9
Scores
CVSS v3
7.3
EPSS
0.0052
EPSS Percentile
39.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-287
CWE-306
Status
published
Products (1)
n/a/MacCMS
2025.1000.4052
Published
Mar 23, 2026
Tracked Since
Mar 23, 2026