CVE-2026-38930 | THREATINT

Description

OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter.

PUBLISHED Reserved 2026-04-06 | Published 2026-05-27 | Updated 2026-05-28 | Assigner mitre

References

moworn.github.io/post/cve-2026-38930/ exploit

openrapid.com

rapidcms.com

moworn.github.io/post/cve-2026-38930/

cve.org (CVE-2026-38930)

nvd.nist.gov (CVE-2026-38930)

Download JSON