CVE Catalog

CVE-2026-30462

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.52%

40th percentile - higher than 40% of all known CVEs

Summary

A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to perform directory traversal operations.

Risk Assessment

An attacker can gain unauthorized access to files outside the application's root directory, potentially leading to sensitive data leakage or further attack escalation.

Recommendation

Immediately update FuelCMS to the latest available version that fixes this vulnerability, and restrict access to the Blocks module to trusted users only.

Original NVD description (English source)

A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS