CVE-2026-15516
MacCMS Pro Installation Index.php step5 authorization
CVSS Score
5.6
EPSS Score
0.3%
EPSS Percentile
19th
A vulnerability was detected in MacCMS Pro up to 2022.1000.3005. Impacted is the function step5 of the file application/install/controller/Index.php of the component Installation Module. The manipulation results in authorization bypass. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit is now public and may be used. Upgrading to version 2022.1000.3025 is recommended to address this issue. Upgrading the affected component is recommended.
| CWE | CWE-639 CWE-285 |
| Vendor | n/a |
| Product | maccms pro |
| Published | Jul 13, 2026 |
| Last Updated | Jul 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a maccms pro
Be the first to know when new medium vulnerabilities affecting n/a maccms pro are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / MacCMS Pro
2022.1000.3005
References
vuldb.com: https://vuldb.com/vuln/377845 vuldb.com: https://vuldb.com/vuln/377845/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15516 vuldb.com: https://vuldb.com/submit/848741 github.com: https://github.com/trustbigcat/CVE/ github.com: https://github.com/magicblack/maccms10/releases?page=3#release-v2022.1000.3025
Credits
๐ luther (VulDB User)