LeakyCreds

CVE-2026-30458 - Vulnerability Analysis

Critical (CVSS: 9.1)

Last Updated: March 28, 2026

Daylight Studio FuelCMS - Information Disclosure

Published: March 26, 2026 | Updated: March 28, 2026 | Remote Exploitable

Overview

Daylight Studio FuelCMS v1.5.2 contains a mail splitting vulnerability caused by improper handling of email headers, which lets attackers exfiltrate users' password reset tokens. Exploitation requires sending crafted emails.

Severity & Score

Severity: Critical
CVSS Score: 9.1
EPSS Score: 2.9% (Probability of exploitation in next 30 days)

Impact

Attackers can steal password reset tokens, potentially leading to account takeover.

Mitigation

Update to the latest version of FuelCMS.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 29, 2026

CVE-2026-30458 - Critical (9.1) An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack. https://www.thehackerwire.com/vulnerability/CVE-2026-30458/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2026-30458
Severity: Critical
CVSS Score: 9.1
Type: mail_splitting
Status: new
EPSS: 2.9%
Social Posts: 1

CWE

  • CWE-620

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

2.9% (Probability of exploitation in the next 30 days)