CVE-2026-4562 (CVSS 7.3, High) is a missing authentication flaw in MacCMS 2025.1000.4052 that allows unauthenticated access to the Timming API endpoint; a public exploit is available. No confirmed patch is available in source data at time of publication; verify remediation status directly with the MacCMS vendor. Organizations should immediately block external access to the Timming API endpoint via WAF or reverse proxy and restrict MacCMS to trusted IP ranges until a verified fix is applied.