CVE 10 CRITICAL

Unauthenticated SQL Injection in dotCMS Publish Audit API_CVE-2026-8054

May 27, 2026 invoker category_cve

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the Publish Audit API endpoints (/api/auditPublishing/get and /api/auditPublishing/getAll) in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrary database content. The endpoints did not enforce authentication and accepted unsanitized input used in dynamically constructed SQL. The fix in dotCMS Core 26.04.28-03 requires an authenticated backend user with the publishing-queue portlet permission. LTS releases are not affected as the vulnerable code path was never backported.

AI Analysis

Unauthenticated SQL Injection vulnerability in dotCMS Publish Audit API

Basic Information

ID CVE-2026-8054

Source dotCMS

Published May 27, 2026 at 07:55

Affected Product

Vendor dotCMS

Product dotCMS Core

Version 25.11.04-1

Affected Versions dotCMS dotCMS Core 25.11.04-1

CWE Classification

CWE-89

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor dotCMS

Product dotCMS Core

Version 25.11.04-1, 26.04.28-02

References

{
    "lastseen": "",
    "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the Publish Audit API endpoints (/api/auditPublishing/get and /api/auditPublishing/getAll) in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrary database content. The endpoints did not enforce authentication and accepted unsanitized input used in dynamically constructed SQL. The fix in dotCMS Core 26.04.28-03 requires an authenticated backend user with the publishing-queue portlet permission. LTS releases are not affected as the vulnerable code path was never backported.",
    "published": "2026-05-27T07:55:25.905Z",
    "modified": "2026-05-27T07:55:25.905Z",
    "type": "cve",
    "title": "Unauthenticated SQL Injection in dotCMS Publish Audit API",
    "source": "dotCMS",
    "references": "https://dev.dotcms.com/docs/known-security-issues?issueNumber=SI-75\nhttps://github.com/dotCMS/core/pull/35553",
    "id": "CVE-2026-8054",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "dotCMS dotCMS Core 25.11.04-1",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "dotCMS Core",
    "version": "25.11.04-1",
    "vendor": "dotCMS",
    "ai_description": "Unauthenticated SQL Injection vulnerability in dotCMS Publish Audit API",
    "ai_severity": "Critical",
    "ai_vendor": "dotCMS",
    "ai_product": "dotCMS Core",
    "ai_version": "25.11.04-1, 26.04.28-02",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply