baserCMS: Mail Form Acceptance Bypass via Public API_CVE-2026-30878

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. This issue has been patched in version 5.2.3.

Basic Information

ID CVE-2026-30878

Source GitHub_M

Published Mar 31, 2026 at 00:45

Modified Mar 31, 2026 at 19:09

Affected Product

Vendor baserproject

Product basercms

Version < 5.2.3

Affected Versions baserproject basercms < 5.2.3

CWE Classification

CWE-285

References

{
    "lastseen": "",
    "description": "baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. This issue has been patched in version 5.2.3.",
    "published": "2026-03-31T00:45:21.294Z",
    "modified": "2026-03-31T19:09:18.507Z",
    "type": "cve",
    "title": "baserCMS: Mail Form Acceptance Bypass via Public API",
    "source": "GitHub_M",
    "references": "https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c\nhttps://basercms.net/security/JVN_20837860\nhttps://github.com/baserproject/basercms/releases/tag/5.2.3",
    "id": "CVE-2026-30878",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "baserproject basercms < 5.2.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "basercms",
    "version": "< 5.2.3",
    "vendor": "baserproject",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}