Sarman Soft CMS Execution After Redirect Vulnerability Allowing JSON Hijacking and Authentication Bypass

Vulnerability

An Execution After Redirect (EAR) vulnerability has been identified in the Sarman Soft CMS, developed by Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. This vulnerability allows JSON Hijacking, also known as JavaScript Hijacking, and Authentication Bypass. It affects CMS versions through 10022026.

Impact

Exploitation of this vulnerability could lead to unauthorized access and manipulation of user authentication, allowing attackers to bypass authentication mechanisms and potentially access or modify sensitive information.

Remediation

The vendor has not yet addressed this vulnerability. Users are advised to consider alternative applications.
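Since no vendor fix is available, operators can check their own deployment for the EAR symptom: in an EAR condition the application sends the redirect but keeps executing, so the redirect response can still carry the protected content. The following is an added example, not code from the vendor or from this advisory. It flags redirect responses whose body contains JSON or other substantial content; the paths, sample responses and the 512-byte stub threshold are constructed assumptions.

```python
import json

REDIRECT_CODES = {301, 302, 303, 307, 308}
# Assumption: a legitimate redirect body is a short "moved" stub; tune per site.
MAX_STUB_BYTES = 512

def classify_body(body: bytes) -> str:
    """Return 'empty', 'stub', 'json' or 'content' for a redirect body."""
    text = body.strip()
    if not text:
        return "empty"
    try:
        parsed = json.loads(text)
        if isinstance(parsed, (dict, list)):
            return "json"  # structured data sent after the redirect
    except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
        pass
    return "stub" if len(text) <= MAX_STUB_BYTES else "content"

def find_ear_responses(responses):
    """Flag redirects whose body still carries data produced after the redirect."""
    findings = []
    for r in responses:
        headers = {k.lower(): v for k, v in r["headers"].items()}
        if r["status"] not in REDIRECT_CODES or "location" not in headers:
            continue
        kind = classify_body(r["body"])
        if kind in ("json", "content"):
            findings.append((r["path"], r["status"], kind, len(r["body"])))
    return findings

# Constructed responses to unauthenticated requests; paths are hypothetical.
SAMPLE = [
    {"path": "/admin/users.json", "status": 302,
     "headers": {"Location": "/login"},
     "body": b'[{"id": 1, "user": "example", "role": "admin"}]'},
    {"path": "/admin/dashboard", "status": 302,
     "headers": {"Location": "/login"},
     "body": b'<html><body>Object moved to <a href="/login">here</a>.</body></html>'},
    {"path": "/admin/settings", "status": 302,
     "headers": {"Location": "/login"}, "body": b""},
    {"path": "/api/public", "status": 200,
     "headers": {"Content-Type": "application/json"}, "body": b'{"ok": true}'},
]

if __name__ == "__main__":
    for path, status, kind, size in find_ear_responses(SAMPLE):
        print(f"{path}: {status} redirect carries {kind} body ({size} bytes)")
```

The same check can be applied at a reverse proxy or WAF as a compensating control by stripping or blocking bodies on redirect responses from the application.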

Added: Feb 10, 2026, 3:00 PM
Updated: Feb 10, 2026, 3:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 3.0
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.