{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-29597", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-03T15:16:33.427Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-30T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-03T15:16:33.427Z"}, "descriptions": [{"lang": "en", "value": "DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the \u201c/Admin/file_manager/file_details.asp\u201d endpoint and manipulating the \u201cfile\u201d parameter. By referencing specific files (e.g., cm3.xml), the attacker can retrieve system administrator credentials, SMTP settings, database credentials, and other confidential information. The exposure of this information can lead to full administrative access to the CMS, unauthorized access to email services, compromise of backend databases, lateral movement within the network, and long-term persistence by an attacker. This access control bypass poses a critical risk of account takeover, privilege escalation, and systemic compromise of the affected application and its associated infrastructure."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://ddsn.com"}, {"url": "http://acora.com"}, {"url": "https://github.com/padayali-JD/CVE-2026-29597"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T18:20:32.685189Z", "id": "CVE-2026-29597", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T18:21:08.671Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-29597", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T18:20:32.685189Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T18:18:22.323Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://ddsn.com"}, {"url": "http://acora.com"}, {"url": "https://github.com/padayali-JD/CVE-2026-29597"}], "descriptions": [{"lang": "en", "value": "DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the \u201c/Admin/file_manager/file_details.asp\u201d endpoint and manipulating the \u201cfile\u201d parameter. By referencing specific files (e.g., cm3.xml), the attacker can retrieve system administrator credentials, SMTP settings, database credentials, and other confidential information. The exposure of this information can lead to full administrative access to the CMS, unauthorized access to email services, compromise of backend databases, lateral movement within the network, and long-term persistence by an attacker. This access control bypass poses a critical risk of account takeover, privilege escalation, and systemic compromise of the affected application and its associated infrastructure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-03T15:16:33.427Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29597", "state": "PUBLISHED", "dateUpdated": "2026-04-03T15:16:33.427Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-30T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the \u201c/Admin/file_manager/file_details.asp\u201d endpoint and manipulating the \u201cfile\u201d parameter. By referencing specific files (e.g., cm3.xml), the attacker can retrieve system administrator credentials, SMTP settings, database credentials, and other confidential information. The exposure of this information can lead to full administrative access to the CMS, unauthorized access to email services, compromise of backend databases, lateral movement within the network, and long-term persistence by an attacker. This access control bypass poses a critical risk of account takeover, privilege escalation, and systemic compromise of the affected application and its associated infrastructure."}, {"lang": "es", "value": "Control de acceso incorrecto en el endpoint file_details.asp de DDSN Interactive Acora CMS v10.7.1 permite a atacantes con privilegios de editor acceder a archivos sensibles mediante solicitudes manipuladas."}], "id": "CVE-2026-29597", "lastModified": "2026-04-03T16:16:36.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-30T16:16:04.310", "references": [{"source": "cve@mitre.org", "url": "http://acora.com"}, {"source": "cve@mitre.org", "url": "http://ddsn.com"}, {"source": "cve@mitre.org", "url": "https://github.com/padayali-JD/CVE-2026-29597"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "10.7.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "acora_cms", "vendor": "ddsn"}], "analysis": {"en": {"generated_at": "2026-04-03T18:49:26.350377+00:00", "value": {"mitigation_remediation": ["Verify that the system is running Acora CMS v10.7.1 or another vulnerable version.", "Apply any vendor\u2011issued patch or update the CMS to a version that removes the improper access control.", "If a patch is unavailable, restrict access to the /Admin/file_manager/file_details.asp endpoint to administrators only and require authentication for sensitive files.", "Rename or relocate configuration files (e.g., cm3.xml) so they are not exposed through the file manager.", "Monitor web application logs for attempts to read file_details.asp and investigate any unauthorized activity."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The affected software is Acora CMS v10.7.1. No other vendors or products are listed; the vulnerability is specific to this version of the CMS.", "description_and_impact": "Acora CMS version 10.7.1 contains an improper access control weakness that allows an editor\u2011privileged user to read sensitive configuration files by manipulating the file parameter on the /Admin/file_manager/file_details.asp endpoint. The vulnerability is classified as CWE\u2011284 and results in the exposure of system administrator credentials, SMTP settings, database connections, and other confidential information. Once these credentials are obtained, an attacker can gain full administrative control of the CMS, access email services, compromise linked databases, move laterally within the network, and establish long\u2011term persistence.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a medium severity vulnerability. The EPSS score is below 1%, suggesting a low probability of exploitation, and the flaw is not recorded in the CISA KEV catalog. Exploitation is possible over the web, requiring only that the user have editor privileges. If such a user exists, the attacker can retrieve privileged information, evolving the issue into a full account takeover. The overall risk is moderate due to the credential exposure and potential for systemic compromise."}}}}, "created": "2026-03-30T20:56:27.815447+00:00", "updated": "2026-04-03T21:17:55.435369+00:00", "vendors": ["ddsn", "ddsn$PRODUCT$acora_cms"]}