CVE-2026-8737

Name of the Vulnerable Software and Affected Versions Sanluan PublicCMS version 5.202506.d

Description A missing authentication issue exists in the Trade Address Query Handler component. A remote attacker can manipulate the userId/id arguments within the execute() function of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java to bypass authentication.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.