External risk intelligence

ChestnutCMS can be compromised to gain administrative control and disrupt services.

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2026-36458

An internal attacker with administrative access to ChestnutCMS can exploit a system flaw to run unauthorized database commands. This enables them to steal sensitive business information, such as user credentials and site configuration data.

3Halo Surface Signal

Code Injection

External exposure likelihood

Halo Surface Signal score for CVE-2026-36458

The vulnerability exists in the administrative backend of a content management system. While administrative interfaces are often web-accessible, they are typically protected by access controls or network restrictions rather than being intended for public exposure. This makes public internet accessibility possible, but it is not a default or guaranteed deployment pattern.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Horizon Alert

Summary of the vulnerability and why it matters

ChestnutCMS versions prior to 1.5.10 contain a critical SQL injection vulnerability. This flaw allows for malicious input to be embedded within content that is later processed by the system, potentially leading to unauthorized access or modification of your database. Because this vulnerability is reachable from the internet, it demands immediate attention to prevent compromise.

  • Can lead to full database compromise.
  • Affects administrative backend users.
  • Exploitable remotely.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this SQL injection vulnerability by injecting malicious SQL code into the `content` parameter of the `cms_content` tag within ChestnutCMS. This could occur when an administrator is using the admin backend to manage content, allowing the attacker to manipulate the database during template rendering.

  • Requires admin backend access.
  • Targets `cms_content` tag.
  • SQL injection into queries.

Live Threat

Current exploitation, exposure, and threat context

This SQL injection vulnerability in ChestnutCMS, affecting an admin backend tag, presents a moderate risk for weaponization as direct public access is unlikely. Attackers typically target vulnerabilities exposed directly to the internet, and while admin interfaces can be web-facing, they are often secured by additional layers. The deferred status of the vulnerability may indicate limited immediate exploitation.

  • No public exploit code observed.
  • No KEV listing.
  • Vulnerability published recently.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize blocking network access to the ChestnutCMS admin backend, especially if it's externally exposed, and immediately investigate logs for any signs of SQL injection attempts. Since this is a critical SQL injection vulnerability with a high CVSS score, and no patch information is readily available, focus on containment and detection.

  • Block all external access to admin.
  • Monitor SQL query logs for anomalies.
  • Deploy Web Application Firewall (WAF) rules.

Frequently asked questions

What is ChestnutCMS and its primary function in web content management?

ChestnutCMS is a content management system designed for creating and managing website content, typically through an administrative interface.

How does the SQL injection vulnerability in ChestnutCMS allow for exploitation?

The vulnerability, identified as CWE-94, allows attackers to manipulate the 'content' parameter within the 'cms_content' tag. This manipulation injects malicious SQL code that is executed when templates are rendered, potentially compromising the database.

What conditions are necessary for an attacker to exploit the ChestnutCMS SQL injection flaw?

Exploitation requires the ability to manipulate the 'content' parameter of the 'cms_content' tag, which can occur within the administrative backend of ChestnutCMS.

What is the significance of CVE-2026-36458 regarding potential impact and accessibility?

CVE-2026-36458 has a critical severity score. While administrative interfaces are often web-accessible, they are usually protected by access controls, making direct public internet exposure less common than for other types of vulnerabilities. The vulnerability is rated as 'Possible' for widespread exploitation, with a low likelihood of being actively exploited in the wild.

What immediate actions should be taken to mitigate the risks associated with this ChestnutCMS vulnerability?

Prioritize blocking network access to the ChestnutCMS admin backend, especially if externally exposed. Investigate logs for SQL injection attempts and monitor query logs for anomalies. Deploy Web Application Firewall (WAF) rules as a containment measure.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified