CVE Catalog
CVE-2026-30458
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk0.40%
32th percentile - higher than 32% of all known CVEs
Summary
A vulnerability in FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.
Risk Assessment
An attacker can obtain password reset tokens, leading to account takeover and potential compromise of the entire application.
Recommendation
Immediately update FuelCMS to the latest version and implement email header validation and sanitization mechanisms.
Original NVD description (English source)
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.

