CVE-2026-9376

MEDIUM

JPress UCenter Article Submission Endpoint doWriteSave improper authorization

Title source: cna

Description

A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

References (4)

Core 4

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-365339 | JPress UCenter Article Submission Endpoint doWriteSave improper authorization

https://vuldb.com/vuln/365339

Signature, Permissions Required signature permissions-required

VDB-365339 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/365339/cti

Third Party Advisory third-party-advisory

Submit #813253 | JPress 1.0.3 Improper Authorization

https://vuldb.com/submit/813253

Exploit exploit issue-tracking

https://github.com/JPressProjects/jpress/issues/194

Scores

CVSS v3 6.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Details

CWE

CWE-266 CWE-285

Status published

Products (4)

None/JPress 1.0.0

None/JPress 1.0.1

None/JPress 1.0.2

None/JPress 1.0.3

Published May 24, 2026

Tracked Since May 24, 2026