


Perceptive Security
SOC/SIEM Consultancy

A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editor_markitup/preview-ajax.php …
Published:
28 February 2026 at 23:00:00
Alert date:
1 March 2026 at 15:01:01
Source:
nvd.nist.gov
Web Technologies
A critical code injection vulnerability (CVE-2026-3395) has been discovered in MaxSite CMS versions up to 109.1. The flaw affects the eval function in the MarkItUp Preview AJAX Endpoint file (application/maxsite/admin/plugins/editor_markitup/preview-ajax.php). Attackers can exploit this vulnerability remotely to inject malicious code. The exploit has been publicly disclosed and is available for use. The vulnerability has been patched in version 109.2 with commit 08937a3c5d672a242d68f53e9fccf8a748820ef3. Users are strongly advised to upgrade immediately to the fixed version.
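To check whether the endpoint named above has been requested on your own server, the following added example (not part of the advisory or of MaxSite CMS) scans web access logs for that path. A hit shows the endpoint was reached, not that it was exploited. It assumes Combined Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint path named in the advisory for CVE-2026-3395.
ENDPOINT = "application/maxsite/admin/plugins/editor_markitup/preview-ajax.php"

# Assumed Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Drop the query string, decode percent-encoding, collapse '//' and '/./'."""
    path = unquote(target.split("?", 1)[0])
    parts = [p for p in path.split("/") if p not in ("", ".")]
    return "/".join(parts).lower()

def find_endpoint_hits(lines):
    """Return {client_ip: [(time, method, status), ...]} for requests to ENDPOINT."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # line is not in the assumed format
        # Substring match also covers installs below the web root.
        if ENDPOINT in normalize_path(m["target"]):
            hits[m["ip"]].append((m["time"], m["method"], int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Mar/2026:10:02:11 +0000] "POST /application/maxsite/'
    'admin/plugins/editor_markitup/preview-ajax.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [01/Mar/2026:10:03:40 +0000] "GET /index.php HTTP/1.1" '
    '200 1840 "-" "-"',
    '203.0.113.7 - - [01/Mar/2026:10:04:02 +0000] "POST /application/maxsite/'
    'admin/plugins/editor_markitup/./preview%2Dajax.php?x=1 HTTP/1.1" 403 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in find_endpoint_hits(SAMPLE).items():
        print(ip, len(events), "request(s):", events)
```

Review any hits against known administrator sessions, and give priority to hits dated before the upgrade to 109.2.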
Technical details
Affected products:
MaxSite CMS
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-3395
https://github.com/maxsite/cms/
https://github.com/maxsite/cms/commit/08937a3c5d672a242d68f53e9fccf8a748820ef3
https://vuldb.com/?ctiid.348281
https://vuldb.com/?id.348281
https://vuldb.com/?submit.762169
This article was created with the assistance of AI technology by Perceptive.
