Home / Vulnerability Intelligence / CVE-2026-30993

CVE-2026-30993 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 17, 2026

Slah CMS - Remote Code Execution

Published: April 15, 2026Updated: April 17, 2026Remote Exploitable

Overview

Slah CMS <= 1.5.0 contains a remote code execution caused by improper input handling in the session() function at config.php, letting remote attackers execute arbitrary code, exploit requires crafted input.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 28.7%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary code, potentially taking full control of the affected system.

Mitigation

Update to the latest version of Slah CMS.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 17, 2026

🔴 CVE-2026-30993 - Critical (9.8) Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at config.php. This vulnerability is exploitable via a crafted input. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30993/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-30993
Severity: Critical
CVSS Score: 9.8
Type: command_injection
Status: rejected
EPSS: 28.7%
Social Posts: 1

CWE

CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

28.7%Probability of exploitation in the next 30 days