Known exploited
dotCMS
CVE published 2022-08-25
CVE-2022-26352
CVE-2022-26352 is a dotCMS unrestricted file upload vulnerability that CISA placed in its Known Exploited Vulnerabilities catalog on 2022-08-25. Because CISA also marked it as having known ransomware campaign use, organizations running dotCMS should treat this as an urgent remediation item and follow vendor update guidance without delay.