CVE-2026-30460

Description

Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module.

PUBLISHED Reserved 2026-03-04 | Published 2026-04-07 | Updated 2026-04-09 | Assigner mitre

References

pentest-tools.com/PTT-2025-027-Improper-Authorization.pdf exploit

github.com/daylightstudio/FUEL-CMS/

daylight.com

fuelcms.com

pentest-tools.com/PTT-2025-027-Improper-Authorization.pdf

cve.org (CVE-2026-30460)

nvd.nist.gov (CVE-2026-30460)

Download JSON