CVE-2026-13546 | A vulnerability was found in Feehi CMS up to 2.1.1. This vul… | CVSS 7.3 HIGH

Description

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Metadata

CVE ID: CVE-2026-13546
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-06-28 10:58 UTC
Published: 2026-06-29 07:15 UTC
Last updated: 2026-06-29 07:15 UTC
Primary CWE: CWE-306
Missing Authentication
Vendor / Product: Feehi / CMS
Sources: cve.org · NVD

Severity & Metrics

7.3 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Affected products (1)

Vendor	Product	Platform	Versions
Feehi	CMS	—	2.1.0, 2.1.1

Weakness (CWE)

CWE	Source	Description
CWE-287	cna	Improper Authentication
CWE-306	cna	Missing Authentication

CVSS scores (4)

Score	Severity	Version	Source	Vector
7.5	N/D	2.0	cna	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
7.3	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
7.3	HIGH	3.0	cna	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.9	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

References (5)

VDB-374554 | Feehi CMS REST API Endpoint articles missing authentication https://vuldb.com/vuln/374554
VDB-374554 | CTI Indicators (IOB, IOC, IOA) https://vuldb.com/vuln/374554/cti
CVE-2026-13546 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-13546
Submit #842603 | liufee cms 2.1.1 Any Article Delete https://vuldb.com/submit/842603
https://github.com/liufee/cms/issues/87