CVE-2026-30877 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: April 1, 2026
baserCMS - Command Injection
Overview
baserCMS < 5.2.3 contains an OS command injection caused by improper input handling in the update functionality, letting authenticated administrators execute arbitrary OS commands on the server, exploit requires administrator privileges.
Severity & Score
Impact
Authenticated administrators can execute arbitrary OS commands, potentially leading to full server compromise.
Mitigation
Upgrade to version 5.2.3 or later.
References
Social Media Activity(3 posts)
š„ CRITICAL: CVE-2026-30877 in baserCMS (<5.2.3) enables admin users to execute arbitrary OS commands via update functionality (CWE-78). Patch to 5.2.3+ immediately! https://radar.offseq.com/threat/cve-2026-30877-cwe-78-improper-neutralization-of-s-36a348b4 #OffSeq #baserCMS #CVE202630877 #infosec
View original post
š“ CVE-2026-30877 - Critical (9.1) baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitra... š https://www.thehackerwire.com/vulnerability/CVE-2026-30877/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postš“ CVE-2026-30877 - Critical (9.1) baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitra... š https://www.thehackerwire.com/vulnerability/CVE-2026-30877/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-30877
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- command_injection
- Status
- unconfirmed
- EPSS
- 17.4%
- Social Posts
- 3
CWE
- CWE-78
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H