PT-2026-28399 · Daylight Studio · Fuel Cms
Published
2026-03-26
·
Updated
2026-03-29
·
CVE-2026-30458
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Daylight Studio FuelCMS version 1.5.2
Description
An issue exists in Daylight Studio FuelCMS version 1.5.2 that allows attackers to obtain users' password reset tokens through a mail splitting attack. A mail splitting attack involves manipulating email systems to deliver multiple recipients' emails to unintended addresses, potentially exposing sensitive information.
Recommendations
Update Daylight Studio FuelCMS to a version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fuel Cms