CVE-2026-3395

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MaxSite CMS versions up to 109.1

Description A code injection issue exists in MaxSite CMS due to a flaw in the eval function within the file application/maxsite/admin/plugins/editor markitup/preview-ajax.php of the MarkItUp Preview AJAX Endpoint component. Remote attackers can exploit this to inject code. The exploit has been published and is potentially being used in attacks.

Recommendations Upgrade MaxSite CMS to version 109.2 to resolve this issue.

Fix

Code Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-74

Related Identifiers

CVE-2026-3395

Affected Products

Markitup

Maxsite Cms

CVE-2026-3395

Weakness Enumeration

Related Identifiers

Affected Products

References · 15