CVE-2026-29909

EUVD-2026-17129
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
mrcmsmrcms
3.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/qflksheep/CVE-2026-29909-MRCMS-vulnerability/blob/main/README.md
https://github.com/wuweiit/mushroom