CVE-2026-35035: CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready,…
CVE-2026-35035: CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System Settings → Company Information.
Stored DOM XSS via System Settings → Company Information, rendered on the public-facing Company Information page: full platform compromise, full account takeover for all roles, and privilege escalation.
What This Means For You
- New vulnerability disclosed: check whether your stack is exposed (CI4MS versions before 0.31.2.0).
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-35035 | XSS | Software: CI4MS, Affected Version: < 0.31.2.0, Vulnerable Component: System Settings → Company Information, Impact: Stored XSS on public-facing pages |
| CVE-2026-35035 | Information Disclosure | Software: CI4MS, Affected Version: < 0.31.2.0, Vulnerable Component: System Settings → Company Information, Impact: Unencoded user-controlled input rendered on public pages |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | Telegram |
| Channel | CVE Notify |
| Channel ID | 1129491012 |
| Message ID | 158318 |
| Published | April 07, 2026 at 20:26 UTC |
| Original Link | https://github.com/ci4-cms-erp/ci4ms/security/advisories/... |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.