Home / Vulnerability Intelligence / CVE-2026-30457

CVE-2026-30457 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 28, 2026

Daylight Studio FuelCMS - Remote Code Execution

Published: March 26, 2026Updated: March 28, 2026Remote Exploitable

Overview

Daylight Studio FuelCMS v1.5.2 contains a remote code execution caused by crafted PHP code in /parser/dwoo component, letting attackers execute arbitrary code remotely, exploit requires crafted PHP code.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 7.1%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary code remotely, potentially leading to full system compromise.

Mitigation

Update to the latest version of Daylight Studio FuelCMS.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 29, 2026

🔴 CVE-2026-30457 - Critical (9.8) An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30457/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-30457
Severity: Critical
CVSS Score: 9.8
Type: command_injection
Status: new
EPSS: 7.1%
Social Posts: 1

CWE

CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

7.1%Probability of exploitation in the next 30 days