PT-2026-29149 · Basercms · Basercms

Melonattacker · Published 2026-03-31 · Updated 2026-03-31 · CVE-2026-30878

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: baserCMS versions prior to 5.2.3

Description: baserCMS is a website development framework. A publicly accessible mail submission API allows unauthenticated users to submit mail form entries, even when the corresponding form is configured to not accept submissions. This circumvents administrative controls designed to prevent form submissions and could enable spam or abuse through the API. The vulnerable API endpoint is a mail submission form.

Recommendations: Update to version 5.2.3 or later.

Exploit

Fix

Weakness Enumeration

Improper Authorization

Related Identifiers

CVE-2026-30878
GHSA-8CR7-R8QW-GP3C

Affected Products

Basercms