{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-13546", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-06-28T10:58:04.226Z", "datePublished": "2026-06-29T07:15:07.559Z", "dateUpdated": "2026-06-29T13:34:55.413Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-06-29T07:15:07.559Z"}, "title": "Feehi CMS REST API Endpoint articles missing authentication", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-306", "lang": "en", "description": "Missing Authentication"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-287", "lang": "en", "description": "Improper Authentication"}]}], "affected": [{"vendor": "Feehi", "product": "CMS", "versions": [{"version": "2.1.0", "status": "affected"}, {"version": "2.1.1", "status": "affected"}], "cpes": ["cpe:2.3:a:feehi:cms:*:*:*:*:*:*:*:*"], "modules": ["REST API Endpoint"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-06-28T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-06-28T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-06-28T13:03:10.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "byname (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/374554", "name": "VDB-374554 | Feehi CMS REST API Endpoint articles missing authentication", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/374554/cti", "name": "VDB-374554 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-13546", "name": "CVE-2026-13546 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/842603", "name": "Submit #842603 | liufee cms 2.1.1 Any Article Delete", "tags": ["third-party-advisory"]}, {"url": "https://github.com/liufee/cms/issues/87", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-29T13:34:43.451804Z", "id": "CVE-2026-13546", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-29T13:34:55.413Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-13546", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-29T13:34:43.451804Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-29T13:34:49.996Z"}}], "cna": {"title": "Feehi CMS REST API Endpoint articles missing authentication", "credits": [{"lang": "en", "type": "reporter", "value": "byname (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:feehi:cms:*:*:*:*:*:*:*:*"], "vendor": "Feehi", "modules": ["REST API Endpoint"], "product": "CMS", "versions": [{"status": "affected", "version": "2.1.0"}, {"status": "affected", "version": "2.1.1"}]}], "timeline": [{"lang": "en", "time": "2026-06-28T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-06-28T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-06-28T13:03:10.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/374554", "name": "VDB-374554 | Feehi CMS REST API Endpoint articles missing authentication", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/374554/cti", "name": "VDB-374554 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-13546", "name": "CVE-2026-13546 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/842603", "name": "Submit #842603 | liufee cms 2.1.1 Any Article Delete", "tags": ["third-party-advisory"]}, {"url": "https://github.com/liufee/cms/issues/87", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "Missing Authentication"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "Improper Authentication"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-06-29T07:15:07.559Z"}}}, "cveMetadata": {"cveId": "CVE-2026-13546", "state": "PUBLISHED", "dateUpdated": "2026-06-29T13:34:55.413Z", "dateReserved": "2026-06-28T10:58:04.226Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-06-29T07:15:07.559Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.1.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.1.1"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "CMS", "source": "cna", "vendor": "Feehi"}, "product": "cms", "vendor": "feehi"}], "created": "2026-06-29T09:30:17.053437+00:00", "updated": "2026-06-29T13:15:03.512228+00:00", "vendors": ["feehi", "feehi$PRODUCT$cms"]}