CVE-2026-8054

Confirmed PUBLISHED

Unauthenticated SQL Injection in dotCMS Publish Audit API

dotCMS · dotCMS Core

Not yet in CISA KEV

Exploited in the wild Active exploitation observed PoC available Virtual patch available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
11
Unique Attacker IPs
6
CISA KEV
Not yet in CISA KEV
Virtual Patch
Yes 3 targets
CVSS / EPSS
10.0 Critical EPSS 1.6%

At a Glance

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the Publish Audit API endpoints (/api/auditPublishing/get and /api/auditPublishing/getAll) in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrary database content. The endpoints did not enforce authentication and accepted unsanitized input used in dynamically constructed SQL. The fix in dotCMS Core 26.04.28-03 requires an authenticated backend user with the publishing-queue portlet permission. LTS releases are not affected as the vulnerable code path was never backported.

nuclei_scanner
CVE Published
May 27, 2026
Exploited Since
Jun 08, 2026
CVSS
10.0 Critical
EPSS
1.6%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
dotCMS
dotCMS Core

dotcms-core

25.11.04-1 to <= 26.04.28-02

Affected
dotCMS
dotCMS Core

dotcms-core

26.04.28-03

Unaffected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.