CVE-2026-30878

MEDIUM

baserCMS: Mail Form Acceptance Bypass via Public API

Title source: cna
STIX 2.1

Description

baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. This issue has been patched in version 5.2.3.

References (3)

Scores

CVSS v3 5.3
EPSS 0.0004
EPSS Percentile 11.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-285
Status published
Products (3)
basercms/basercms < 5.2.3
baserproject/basercms 0 - 5.2.3Packagist
baserproject/basercms < 5.2.3
Published Mar 31, 2026
Tracked Since Mar 31, 2026