{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-29909", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-30T19:24:14.343Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-30T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T16:12:05.657Z"}, "descriptions": [{"lang": "en", "value": "MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/wuweiit/mushroom"}, {"url": "https://github.com/qflksheep/CVE-2026-29909-MRCMS-vulnerability/blob/main/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-425", "lang": "en", "description": "CWE-425 Direct Request ('Forced Browsing')"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "CWE-20 Improper Input Validation"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T19:23:37.904451Z", "id": "CVE-2026-29909", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T19:24:14.343Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-29909", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T19:23:37.904451Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-425", "description": "CWE-425 Direct Request ('Forced Browsing')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T19:22:30.206Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/wuweiit/mushroom"}, {"url": "https://github.com/qflksheep/CVE-2026-29909-MRCMS-vulnerability/blob/main/README.md"}], "descriptions": [{"lang": "en", "value": "MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T16:12:05.657Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29909", "state": "PUBLISHED", "dateUpdated": "2026-03-30T19:24:14.343Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-30T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mrcms:mrcms:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "254B64CD-32D5-4E91-8A4C-54C155EA7E0B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials."}, {"lang": "es", "value": "MRCMS V3.1.2 contiene una vulnerabilidad de enumeraci\u00f3n de directorios no autenticada en el m\u00f3dulo de gesti\u00f3n de archivos. El endpoint /admin/file/list.do carece de controles de autenticaci\u00f3n y de validaci\u00f3n de entrada adecuada, lo que permite a atacantes remotos enumerar el contenido de los directorios en el servidor sin ninguna credencial."}], "id": "CVE-2026-29909", "lastModified": "2026-04-02T17:11:00.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-30T17:16:15.750", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/qflksheep/CVE-2026-29909-MRCMS-vulnerability/blob/main/README.md"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/wuweiit/mushroom"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-425"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.1.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "mrcms", "vendor": "mrcms"}], "analysis": {"en": {"generated_at": "2026-04-02T22:11:16.827768+00:00", "value": {"mitigation_remediation": ["Acquire and install the latest patch or upgrade to a newer version of MRCMS that secures the /admin/file/list.do endpoint.", "If an update cannot be applied immediately, restrict network access to the /admin/file/list.do endpoint using firewall rules, IP whitelisting, or by moving the server to an internal network only.", "Disable or remove the file management module if it is not required for business operations.", "Verify after remediation that accessing /admin/file/list.do no longer returns directory listings or authenticated prompts."], "summary": {"action": "Apply patch", "impact": "Directory enumeration (information disclosure)"}, "threat_synthesis": {"affected_systems": "The affected product is the MRCMS content management system, version\u202f3.1.2. No other vendors or product variants are listed as affected in the available data.", "description_and_impact": "The vulnerability in MRCMS 3.1.2 allows remote attackers to enumerate the contents of server directories through the /admin/file/list.do endpoint. Because the endpoint lacks authentication controls and proper input validation, any user can retrieve listings of files stored on the server. This defect represents an input validation flaw (CWE\u201120) and an unauthenticated access weakness (CWE\u2011425). An attacker who invokes the endpoint can gain visibility into file names and directory structure, potentially revealing sensitive configuration files or user data, thereby compromising confidentiality and providing information that could aid further attacks.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate risk. The EPSS score is below 1\u202f%, suggesting a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack vector is likely remote and unauthenticated; an attacker merely needs to send an HTTP request to the vulnerable endpoint to enumerate directory listings. Because no authentication is required, any web\u2010accessible client can exploit the flaw, but the lack of persistence or destructive impact limits the severity to information disclosure rather than code execution or denial of service."}}}}, "created": "2026-03-30T20:56:29.677792+00:00", "updated": "2026-04-03T09:38:24.071700+00:00", "vendors": ["mrcms", "mrcms$PRODUCT$mrcms"]}