https://feed.craftedsignal.io/tags/mingsoft/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioFri, 27 Mar 2026 15:17:02 +0000https://feed.craftedsignal.io/briefs/2026-03-mingsoft-ssrf/Fri, 27 Mar 2026 15:17:02 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-mingsoft-ssrf/A server-side request forgery (SSRF) vulnerability (CVE-2026-4953) exists in mingSoft MCMS version 5.5.0, allowing remote attackers to manipulate the 'catchimage' argument in the catchImage function to potentially access or interact with internal resources.A server-side request forgery (SSRF) vulnerability has been identified in mingSoft MCMS version 5.5.0. The vulnerability resides within the catchImage function in the net/mingsoft/cms/action/BaseAction.java file, specifically affecting the Editor Endpoint component. Attackers can remotely exploit this vulnerability by manipulating the catchimage argument. Publicly available exploits exist, increasing the risk of exploitation. Successful exploitation could allow an attacker to probe…

]]>highadvisorySSRFmingSoftCVE-2026-4953