CVE Catalog

CVE-2026-30458

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile - higher than 32% of all known CVEs

Summary

A vulnerability in FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.

Risk Assessment

An attacker can obtain password reset tokens, leading to account takeover and potential compromise of the entire application.

Recommendation

Immediately update FuelCMS to the latest version and implement email header validation and sanitization mechanisms.

Original NVD description (English source)

An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS