CVE Catalog

CVE-2026-30689

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile - higher than 20% of all known CVEs

Summary

In Blog.Core up to version bcb4d17, the getinfobytoken API interface has improper access control leading to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security.

Risk Assessment

The risk involves potential leakage of administrator data, which could allow an attacker to take control of the system and access critical resources.

Recommendation

It is recommended to immediately update Blog.Core to a patched version and implement authorization mechanisms for the getinfobytoken API.

Original NVD description (English source)

In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end code that does not offer an API service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS