CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-30459

An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.3%

CVSS Severity

CVSS v3 Score 7.1

References

http://daylight.com
http://fuelcms.com
https://github.com/daylightstudio/FUEL-CMS/blob/master/fuel/modules/fuel/controllers/Login.php
https://pentest-tools.com/PTT-2025-029-Password-Reset-Poisoning-via-Host-Header.pdf

Products affected by CVE-2026-30459

Thedaylightstudio » Fuel Cms » Version: 1.5.2

cpe:2.3:a:thedaylightstudio:fuel_cms:1.5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-30459

Products

Pricing

Contact Us