CVE-2026-29909
Unauthenticated Directory Enumeration in MRCMS File Management Module
Publication date: 2026-03-30
Last updated on: 2026-04-02
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mrcms | mrcms | 3.1.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-425 | The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthenticated remote attackers to enumerate directory contents on the server, potentially exposing sensitive server directory structures and configuration files.
Exposure of sensitive information through directory enumeration can lead to violations of data protection standards and regulations such as GDPR and HIPAA, which require strict controls on access to personal and sensitive data.
By lacking authentication controls and proper input validation, this vulnerability undermines the confidentiality and integrity requirements mandated by these regulations.
Can you explain this vulnerability to me?
CVE-2026-29909 is an unauthenticated directory enumeration vulnerability in MRCMS version 3.1.2. It exists in the file management module at the endpoint `/admin/file/list.do`, which lacks authentication controls and proper input validation. This allows remote attackers to enumerate the contents of directories on the server without needing any credentials.
Attackers can exploit this by sending specially crafted requests with directory traversal parameters to access restricted directories and files on the server.
How can this vulnerability impact me?
This vulnerability can allow attackers to access sensitive server directory structures and configuration files without authentication. Such unauthorized access can lead to information disclosure, which may be leveraged for further attacks or exploitation of the system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending unauthenticated HTTP GET requests to the vulnerable endpoint `/admin/file/list.do` with a `path` parameter that attempts directory traversal to enumerate server directories.
A typical test uses curl to send a request such as:
- `curl -v "http://<target-server>/admin/file/list.do?path=../../../src/main/resources/"`
If the server responds with directory contents without requiring authentication, it confirms the presence of the vulnerability.
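The same indicator can be looked for retrospectively in web server access logs. The following is an added example, not part of the original page or of MRCMS: it scans combined-format log lines for requests to `/admin/file/list.do` whose `path` parameter contains `..` segments, including percent-encoded and double-encoded forms. The log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/admin/file/list.do"  # endpoint named in the advisory
LINE_RE = re.compile(  # assumed combined-log style: ip ... "METHOD target HTTP/x" status
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Apr/2026:10:00:01 +0000] "GET /admin/file/list.do?path=../../../src/main/resources/ HTTP/1.1" 200 1432',
    '203.0.113.7 - - [01/Apr/2026:10:00:05 +0000] "GET /admin/file/list.do?path=%252e%252e%252f%252e%252e%252fconf HTTP/1.1" 403 212',
    '198.51.100.4 - - [01/Apr/2026:10:02:11 +0000] "GET /admin/file/list.do?path=images/banners HTTP/1.1" 200 950',
    '198.51.100.9 - - [01/Apr/2026:10:03:40 +0000] "GET /index.do?path=../x HTTP/1.1" 404 10',
]

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded '..' segments become visible."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(path_value):
    """True when any path segment is '..' after decoding and slash normalisation."""
    return ".." in decode_fully(path_value).replace("\\", "/").split("/")

def scan(lines):
    """Return (ip, status, decoded_path, verdict) for traversal requests to ENDPOINT."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path.split(";")[0] != ENDPOINT:  # ignore ;jsessionid=... suffixes
            continue
        for raw in parse_qs(url.query).get("path", []):  # parse_qs decodes once
            if has_traversal(raw):
                status = int(m["status"])
                verdict = "served" if status == 200 else "rejected"
                findings.append((m["ip"], status, decode_fully(raw), verdict))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `served` verdict means the request returned HTTP 200; whether it carried a valid session has to be confirmed separately, since this log format does not record session state.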
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the `/admin/file/list.do` endpoint by enforcing proper authentication and authorization controls.
Additionally, input validation should be implemented on the `path` parameter to prevent directory traversal attacks.
If possible, temporarily block or restrict access to this endpoint at the network level until a patch or update is applied.