Sanluan PublicCMS 5.202506.d SafeConfigComponent HardCoded Key CVE-2026-8739: CVE-2026-8739 May 2026

Sanluan PublicCMS SafeConfigComponent.java getSignKey hard-coded key
A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java. The manipulation of the argument privatefile_key results in use of hard-coded cryptographic key . The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Timeline

2026-05-16

Advisory disclosed

2026-05-16

VulDB entry created

2026-05-16

VulDB entry last update

Weakness Types

Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

Key Management Errors

Weaknesses in this category are related to errors in the management of cryptographic keys.

Products Associated with CVE-2026-8739

Want to know whenever a new CVE is published for Publiccms? stack.watch will email you.

Sanluan PublicCMS 5.202506.d SafeConfigComponent HardCoded Key CVE-2026-8739
CVE-2026-8739 Published on May 17, 2026

Timeline

Weakness Types

Use of Hard-coded Cryptographic Key

Key Management Errors

Products Associated with CVE-2026-8739

Affected Versions

Sanluan PublicCMS 5.202506.d SafeConfigComponent HardCoded Key CVE-2026-8739CVE-2026-8739 Published on May 17, 2026

Timeline

Weakness Types

Use of Hard-coded Cryptographic Key

Key Management Errors

Products Associated with CVE-2026-8739

Affected Versions

Sanluan PublicCMS 5.202506.d SafeConfigComponent HardCoded Key CVE-2026-8739
CVE-2026-8739 Published on May 17, 2026