CVE-2026-30878 — Improper Authorization in Basercms

CWE-285 — Improper Authorization4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 88.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Baserproject Basercms Basercms

Timeline

PublishedMar 31

Description

baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. This issue has been patched in version 5.2.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDbasercms/basercms< 5.2.3

▶CVEListV5baserproject/basercms< 5.2.3

▶Packagistbaserproject/basercms< 5.2.3

🔴Vulnerability Details

GHSA

baserCMS has Mail Form Acceptance Bypass via Public API↗2026-03-31

▶

OSV

baserCMS has Mail Form Acceptance Bypass via Public API↗2026-03-31

▶

🕵️Threat Intelligence

Wiz

CVE-2026-30878 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶