PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-15530 WuzhiCMS CVE debrief

A medium-severity vulnerability, CVE-2026-15530, was found in WuzhiCMS up to 4.1.0. This vulnerability affects the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component Attachment API, potentially leading to information disclosure. The vulnerability can be exploited remotely. Users of WuzhiCMS should be aware of this vulnerability and take necessary actions to protect their systems. The vulnerability's details are based on limited source information, and further verification is needed to confirm its full impact.

Vendor
WuzhiCMS
Product
WuzhiCMS
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of WuzhiCMS up to version 4.1.0 should be aware of this vulnerability and take necessary actions to protect their systems. This includes administrators, security teams, and operators who manage WuzhiCMS deployments. They should review the vulnerability details, assess their exposure, and plan for mitigations or updates as needed.

Technical summary

The vulnerability, CVE-2026-15530, in WuzhiCMS up to 4.1.0, affects the config/listimage function of the /index.php?m=attachment&f=index&v=upload file in the Attachment API component. This flaw allows for information disclosure and can be exploited remotely. The vulnerability's technical details are based on limited source information. Further analysis is required to fully understand its impact and potential mitigations. Affected users should consider updating WuzhiCMS beyond version 4.1.0 if available and restrict access to the Attachment API. Monitoring for suspicious activity related to the Attachment API is also recommended. The CVE record was published on 2026-07-13T06:16:26.810Z and has not been modified since then. The NVD entry is currently in the 'Received' status.

Defensive priority

Medium priority due to the potential for information disclosure and remote exploitability. Defenders should prioritize patching or mitigating this vulnerability based on their risk assessment and exposure to WuzhiCMS.

Recommended defensive actions

  • Update WuzhiCMS to a version beyond 4.1.0 if available
  • Restrict access to the Attachment API
  • Monitor for suspicious activity related to the Attachment API
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-13T06:16:26.810Z and has not been modified since then. The NVD entry is currently in the 'Received' status. The vulnerability affects WuzhiCMS up to version 4.1.0, and its details are based on limited source information. Further verification is needed to confirm the full scope of affected systems and potential impact.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T06:16:26.810Z and has not been modified since then. The NVD entry is currently in the 'Received' status.