Unrated severityNVD Advisory· Published Feb 6, 2026· Updated Feb 23, 2026

kalyan02 NanoCMS User Information pagesdata.txt direct request

CVE-2026-1978

Description

A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The exploit is now public and may be used. You should change the configuration settings.

Affected products

kalyan02/NanoCMSv5
cpe:2.3:a:kalyan02:nanocms:*:*:*:*:*:*:*:*
Range: 0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/kalyan02/NanoCMS/blob/master/data/pagesdata.txtmitreexploit
vuldb.commitrethird-party-advisory
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000