{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-29909", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-30T19:24:14.343Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-30T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T16:12:05.657Z"}, "descriptions": [{"lang": "en", "value": "MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/wuweiit/mushroom"}, {"url": "https://github.com/qflksheep/CVE-2026-29909-MRCMS-vulnerability/blob/main/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-425", "lang": "en", "description": "CWE-425 Direct Request ('Forced Browsing')"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "CWE-20 Improper Input Validation"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T19:23:37.904451Z", "id": "CVE-2026-29909", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T19:24:14.343Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-29909", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T19:23:37.904451Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-425", "description": "CWE-425 Direct Request ('Forced Browsing')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T19:22:30.206Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/wuweiit/mushroom"}, {"url": "https://github.com/qflksheep/CVE-2026-29909-MRCMS-vulnerability/blob/main/README.md"}], "descriptions": [{"lang": "en", "value": "MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T16:12:05.657Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29909", "state": "PUBLISHED", "dateUpdated": "2026-03-30T19:24:14.343Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-30T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials."}, {"lang": "es", "value": "MRCMS V3.1.2 contiene una vulnerabilidad de enumeraci\u00f3n de directorios no autenticada en el m\u00f3dulo de gesti\u00f3n de archivos. El endpoint /admin/file/list.do carece de controles de autenticaci\u00f3n y de validaci\u00f3n de entrada adecuada, lo que permite a atacantes remotos enumerar el contenido de los directorios en el servidor sin ninguna credencial."}], "id": "CVE-2026-29909", "lastModified": "2026-04-01T14:24:21.833", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-30T17:16:15.750", "references": [{"source": "cve@mitre.org", "url": "https://github.com/qflksheep/CVE-2026-29909-MRCMS-vulnerability/blob/main/README.md"}, {"source": "cve@mitre.org", "url": "https://github.com/wuweiit/mushroom"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-425"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-31T06:26:45.781050+00:00", "value": {"mitigation_remediation": ["Apply the latest MRCMS release or vendor patch if one exists", "Restrict network access to /admin/file/list.do and other administrative paths using firewalls or network segmentation", "Enforce authentication on all administrative endpoints and implement strict input validation", "Monitor application logs for repeated or anomalous directory listing activity", "Contact the MRCMS development community or vendor to request a formal fix if no patch is available"], "summary": {"action": "Assess Impact", "impact": "Information Disclosure \u2013 Directory Enumeration"}, "threat_synthesis": {"affected_systems": "Installed copies of MRCMS version 3.1.2, specifically the File Management Module, are affected. No vendor or product version information beyond this is provided, and there are no associated Common Platform Enumeration strings in the report.", "description_and_impact": "The flaw resides in the /admin/file/list.do endpoint of MRCMS version 3.1.2. Because the endpoint accepts directory paths without authentication or validation, remote attackers can enumerate the contents of any directory on the server. This unvalidated input and the lack of access control correspond to input validation (CWE\u201120), missing authentication (CWE\u2011284), and improper authorization (CWE\u2011425). The result is the disclosure of filenames, potentially configuration files or other sensitive data, which could aid a later attack but does not directly permit code execution.", "risk_and_exploitability": "The CVSS base score of 5.3 reflects medium severity. The likely attack vector is remote, requiring only network access to the vulnerable endpoint and no user credentials. The absence of authentication controls and the presence of an input validation flaw make the vulnerability readily exploitable for directory enumeration. Exploit probability information is not available. This vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, indicating that it may not have widespread, documented exploitation yet."}}}}, "created": "2026-03-30T20:56:29.677792+00:00", "updated": "2026-03-31T20:00:30.599216+00:00", "vendors": []}