CVE-2026-30458
Published 2026-03-26
CVE-2026-30458: An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.
Priority P347 · critical · 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.41% (32.7th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thedaylightstudio | fuel_cms | — | — |
No detection rules found.
No public exploits indexed.
CVE-2026-30457 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 5.4 · [MEDIUM]
## CVE-2026-30457: Fuel CMS vulnerability analysis and mitigation
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.
Source: NVD
Score: 9.8
Published: March 26, 2026
Severity: CRITICAL
CNA Score: 9.8
Affected Technologies: Fuel CMS
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 26
Exploitation Probability (EPSS): 0.1
Affected packages and libraries: cpe:2.3:a:thedaylightstudio:fuel_cms
Sources
Linux · Severity CRITICAL · No Fix · Added at: Mar 31, 2026
Windows · Severity CRITICAL · No Fix · Added at: Mar 31, 2026
Linux · Severity CRITICAL · No Fix · Added at: Apr 02, 2026
Windows · Severity CRITICAL · No Fix · Added
CVE-2026-30458 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 5.4 · [MEDIUM]
## CVE-2026-30458: Fuel CMS vulnerability analysis and mitigation
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.
Source: NVD
Score: 9.1
Published: March 26, 2026
Severity: CRITICAL
CNA Score: 9.1
Affected Technologies: Fuel CMS
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 11.3
Exploitation Probability (EPSS): N/A
Affected packages and libraries: cpe:2.3:a:thedaylightstudio:fuel_cms
Sources
Linux · Severity CRITICAL · No Fix · Added at: Mar 31, 2026
Windows · Severity CRITICAL · No Fix · Added at: Mar 31, 2026
Linux · Severity CRITICAL · No Fix · Added at: Apr 02, 2026
Windows · Severity CRITICAL · No Fix · Added at:
CVE-2026-30463 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 5.4 · [MEDIUM]
## CVE-2026-30463: Fuel CMS vulnerability analysis and mitigation
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.
Source: NVD
Score: 7.7
Published: March 26, 2026
Severity: HIGH
CNA Score: 7.7
Affected Technologies: Fuel CMS
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 10.3
Exploitation Probability (EPSS): N/A
Affected packages and libraries: cpe:2.3:a:thedaylightstudio:fuel_cms
Sources
Linux · Severity HIGH · No Fix · Added at: Mar 31, 2026
Windows · Severity HIGH · No Fix · Added at: Mar 31, 2026
Linux · Severity HIGH · No Fix · Added at: Apr 02, 2026
Windows · Severity HIGH · No Fix · Added at: Apr 02, 2026
CVE-2026-30460 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 5.4 · [MEDIUM]
## CVE-2026-30460: Fuel CMS vulnerability analysis and mitigation
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module.
Source: NVD
Score: 8.8
Published: April 7, 2026
Severity: HIGH
CNA Score: 8.8
Affected Technologies: Fuel CMS
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 3.7
Exploitation Probability (EPSS): N/A
Affected packages and libraries: cpe:2.3:a:thedaylightstudio:fuel_cms
Sources
NVD
Linux · Severity HIGH · No Fix · Added at: Apr 10, 2026
Windows · Severity HIGH · No Fix · Added at: Apr 10, 2026