CVE-2026-1112

5.4 MEDIUM

📋 TL;DR

This CVE describes an improper authorization vulnerability in the trade address deletion endpoint of Sanluan PublicCMS. An attacker can remotely manipulate the 'ids' parameter to delete trade addresses they are not authorized to delete. All deployments of PublicCMS up to version 5.202506.d are affected.

💻 Affected Systems

Products:
  • Sanluan PublicCMS
Versions: up to 5.202506.d
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Trade Address Deletion Endpoint component specifically.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Unauthorized deletion of trade addresses could disrupt business operations, cause data loss, and potentially enable further attacks if combined with other vulnerabilities.

🟠 Likely Case

Attackers delete trade addresses, causing operational disruption and requiring manual restoration from backups.

🟢 If Mitigated

With proper authorization controls, only legitimate users can delete trade addresses, preventing unauthorized data modification.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available on GitHub, making exploitation straightforward for attackers with some access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a version beyond 5.202506.d if available, or implement workarounds.

🔧 Temporary Workarounds

Disable Trade Address Deletion Endpoint

Applies to: all

Temporarily disable or restrict access to the vulnerable endpoint to prevent exploitation. Note that this also blocks legitimate deletions until the endpoint is re-enabled.

# Block the endpoint at the web server. Apache (mod_rewrite enabled, inside the virtual host):
RewriteEngine On
RewriteRule ^/trade/address/delete - [F]

# Nginx (inside the server block):
location ~ /trade/address/delete { deny all; }

Implement Authorization Check

Applies to: all

Add proper authorization validation in the delete function so that only users authorized for the given addresses can delete them.

# Modify TradeAddressController.java to include authorization checks
# Example: if (!user.hasPermission("delete_address")) { return "unauthorized"; }
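The following is an added illustration of that check, not code from PublicCMS: because the report says the 'ids' parameter is what an authenticated attacker manipulates, a role permission check alone is not enough, so the hardened handler also verifies that every id belongs to the caller. Class names, the in-memory store and the sample data are constructed for the example.

```python
# Added example (not PublicCMS code): object-level authorization for a delete-by-ids endpoint.
from dataclasses import dataclass, field

@dataclass
class TradeAddress:
    id: int
    owner_id: int          # user who created the address (constructed field)

@dataclass
class User:
    id: int
    permissions: set = field(default_factory=set)

def parse_ids(raw: str) -> list[int]:
    """Parse the comma-separated 'ids' parameter, ignoring non-numeric tokens."""
    out = []
    for tok in raw.split(","):
        tok = tok.strip()
        if tok.isdigit():
            out.append(int(tok))
    return out

def delete_vulnerable(store: dict, user: User, raw_ids: str) -> list[int]:
    """Role check only: any user with the permission can delete any id they name."""
    if "delete_address" not in user.permissions:
        return []
    deleted = []
    for aid in parse_ids(raw_ids):
        if store.pop(aid, None) is not None:
            deleted.append(aid)
    return deleted

def delete_hardened(store: dict, user: User, raw_ids: str) -> list[int]:
    """Role check plus per-object ownership check: the caller can only remove
    addresses whose owner_id matches their own; foreign ids are skipped."""
    if "delete_address" not in user.permissions:
        return []
    deleted = []
    for aid in parse_ids(raw_ids):
        addr = store.get(aid)
        if addr is None or addr.owner_id != user.id:
            continue       # missing or not ours: skip without revealing which
        del store[aid]
        deleted.append(aid)
    return deleted

def sample_store() -> dict:
    """Constructed sample data: addresses 1 and 2 belong to user 10, address 3 to user 20."""
    return {a.id: a for a in (TradeAddress(1, 10), TradeAddress(2, 10), TradeAddress(3, 20))}
```

Running both handlers with the same request from user 10 shows the difference: the vulnerable one removes address 3 (owned by user 20), the hardened one leaves it in place.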

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to the PublicCMS instance from untrusted networks.
  • Monitor and audit all delete operations on trade addresses for suspicious activity.

🔍 How to Verify

Check if Vulnerable:

Check whether the PublicCMS version is 5.202506.d or earlier by examining the version files or the admin panel.

Check Version:

# Check the version in the PublicCMS installation directory, or in the admin panel:
cat version.txt

Verify Fix Applied:

Test the trade address deletion endpoint with a test account that should not be permitted to delete the targeted addresses, and confirm the request is rejected and no records are removed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual delete requests to /trade/address/delete endpoint
  • Failed authorization attempts for trade address deletion

Network Indicators:

  • HTTP POST requests to /trade/address/delete with unexpected parameters

SIEM Query:

source="web_server" AND uri="/trade/address/delete" AND response_code=200 AND user NOT IN authorized_users
