CVE-2026-10514NVD

Description

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.0 mitigates this issue. The identifier of the patch is c87682afa8df79853299f75489c9d333f7bc5fce. It is suggested to upgrade the affected component.

Severity Level

LOW (2.4)

Published Date

01/06/2026

Last Modified

02/06/2026

Exploitation Status

????

References

https://vuldb.com/vuln/367596
https://vuldb.com/vuln/367596/cti
https://vuldb.com/cve/CVE-2026-10514
https://vuldb.com/submit/828296
https://github.com/1Panel-dev/CordysCRM/issues/2229
https://github.com/1Panel-dev/CordysCRM/pull/2356
https://github.com/1Panel-dev/CordysCRM/commit/c87682afa8df79853299f75489c9d333f7bc5fce
https://github.com/1Panel-dev/CordysCRM/releases/tag/v1.7.0
https://github.com/1Panel-dev/CordysCRM/

Critical Alert 2 Active Exploits Detected Today

CVE Watchtower

CVE-2026-10514NVD

Description

References