CVE-2026-30459
published 2026-04-16
CVE-2026-30459: An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user…
Priority P335 · high · 7.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
EPSS: 0.31% (22.8th percentile)
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thedaylightstudio | fuel_cms | — | — |
GHSA
GHSA-c29w-82wc-qh7v: An issue in the Forgot Password feature of Daylight Studio FuelCMS v1
ghsa_unreviewed·2026-04-16
CVE-2026-30459 [HIGH] CWE-640 GHSA-c29w-82wc-qh7v: An issue in the Forgot Password feature of Daylight Studio FuelCMS v1
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.
VulDB
Daylight Studio FuelCMS 1.5.2 Forgot Password Feature password recovery
vuldb·2026-04-16·CVSS 7.1
CVE-2026-30459 [HIGH] Daylight Studio FuelCMS 1.5.2 Forgot Password Feature password recovery
A vulnerability has been found in Daylight Studio FuelCMS 1.5.2 and classified as problematic. This impacts an unknown function of the component Forgot Password Feature. Performing a manipulation results in weak password recovery.
This vulnerability is reported as CVE-2026-30459. The attack is possible to be carried out remotely. No exploit exists.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-04-16