PT-2026-20494 · Unknown · Mingsoft Mcms

Unnlucky1 · Published 2026-02-18 · Updated 2026-02-19 · CVE-2026-2666

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

mingSoft MCMS version 6.1.1

Description

A flaw exists in mingSoft MCMS 6.1.1 related to unrestricted file upload. The issue is located within the Template Archive Handler component, specifically in a function associated with the /ms/file/uploadTemplate.do file. Manipulation of the File argument allows for unrestricted file uploads, and the attack can be initiated remotely. The exploit has been published.

Recommendations

Apply any available updates or patches for mingSoft MCMS version 6.1.1. As a temporary workaround, restrict access to the /ms/file/uploadTemplate.do endpoint.
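To check that the temporary restriction holds, the following added example (not part of the advisory or of MCMS) audits web server access logs for POST requests to the endpoint and flags any accepted from outside an allowlist. The log format (common/combined), the allowlisted address and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/ms/file/uploadTemplate.do"  # path named in the advisory
ADMIN_SOURCES = {"10.0.5.20"}            # assumption: hosts allowed to manage templates

# Common/combined access log prefix: ip ident user [time] "METHOD target PROTO" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '10.0.5.20 - - [18/Feb/2026:09:12:01 +0000] "POST /ms/file/uploadTemplate.do HTTP/1.1" 200 87',
    '203.0.113.7 - - [18/Feb/2026:22:40:13 +0000] "POST /ms/file/uploadTemplate.do HTTP/1.1" 403 153',
    '198.51.100.9 - - [19/Feb/2026:03:05:44 +0000] "POST /cms/ms/file/uploadTemplate.do HTTP/1.1" 200 87',
    '198.51.100.9 - - [19/Feb/2026:03:06:02 +0000] "GET /ms/index.do HTTP/1.1" 200 5120',
]

def normalize_path(target):
    """Drop the query string, percent-decode and collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def audit(lines, allowed=ADMIN_SOURCES):
    """Return (timestamp, source, status, verdict) for each POST to the endpoint."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # endswith() also matches when the app is deployed under a context path
        if not normalize_path(m["target"]).endswith(ENDPOINT.lower()):
            continue
        status = int(m["status"])
        if m["ip"] in allowed:
            verdict = "expected"
        elif 200 <= status < 300:
            verdict = "investigate"  # accepted from outside the allowlist
        else:
            verdict = "rejected"     # the restriction (or the app) refused it
        findings.append((m["ts"], m["ip"], status, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Any "investigate" row means the access restriction is not covering that request path; "expected" rows still merit review, since the CVSS vector (PR:H) indicates the upload is reachable with high-privilege credentials.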

Exploit

Fix

Weakness Enumeration

Improper Access Control

Unrestricted File Upload

Related Identifiers

CVE-2026-2666
GHSA-R9WP-QQ53-QVJX

Affected Products

Mingsoft Mcms