CVE-2026-30461 | THREATINT

Description

Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.

PUBLISHED Reserved 2026-03-04 | Published 2026-04-15 | Updated 2026-04-16 | Assigner mitre

References

daylight.com

fuelcms.com

github.com/...er/fuel/modules/fuel/controllers/Installer.php

pentest-tools.com/...uthenticated-RCE-via-Git-Submodules.pdf

cve.org (CVE-2026-30461)

nvd.nist.gov (CVE-2026-30461)

Download JSON