Cyber Resilience

CVE-2026-30689

Severity: High · Public PoC

Published: 27 March 2026
Modified: 02 April 2026
KEV Added: not listed
Patch: (no entry on page)
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0006 (18.2nd percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-30689 is a high-severity Improper Access Control (CWE-284) vulnerability in Anjoy8 Blog.Admin. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 18.2nd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-24 (Access Control Decisions) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-30689 is an improper access control vulnerability in the getinfobytoken API interface of blog.admin versions 8.0 and earlier. The flaw leads to sensitive data exposure: an unauthorized party holding a valid token can obtain sensitive administrator account information, threatening overall system security. The vulnerability is classified under CWE-284 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact, network accessibility and no privileges required.

A remote attacker with no authentication can exploit this vulnerability over the network with low complexity and no user interaction. By sending a request to the affected API endpoint with a valid token, the attacker can retrieve sensitive administrator account details, which may facilitate follow-on attacks such as account takeover or privilege escalation.

Advisories and additional details are available in the references: the vendor site at http://blagadmin.com, a GitHub Gist at https://gist.github.com/Sw3092567023/c420c6a5ee947d72aeab2b3e0ba92a40, and the related Blog.Core repository at https://github.com/anjoy8/Blog.Core, which may carry patches or mitigation guidance.

Vulnerability details

The getinfobytoken API interface of blog.admin v8.0 and earlier contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security.

CWE(s)

CWE-284 Improper Access Control
Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Improper access control in the public-facing getinfobytoken API allows remote, unauthenticated exploitation that discloses sensitive admin account data.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2026-39339 (shared CWE-284)
- CVE-2026-46839 (shared CWE-284)
- CVE-2025-26010 (shared CWE-284)
- CVE-2026-34291 (shared CWE-284)
- CVE-2023-47539 (shared CWE-284)
- CVE-2026-23899 (shared CWE-284)
- CVE-2025-7016 (shared CWE-284)
- CVE-2026-46822 (shared CWE-284)
- CVE-2024-37566 (shared CWE-284)
- CVE-2025-66509 (shared CWE-284)

Affected Assets

Vendor: anjoy8
Product: blog.admin
Version: 8.0 (and earlier)

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)

Requires enforcement of approved authorizations for access to sensitive administrator information, directly addressing the improper access control in the getinfobytoken API.

AC-24 Access Control Decisions (prevent)

Ensures that access control decisions for system resources such as the API endpoint properly authorize each request based on a valid token and the caller's privileges, preventing unauthorized exposure of admin data.

Detective control (detect)

Monitors for unauthorized disclosure of sensitive information, such as administrator account details leaked via the vulnerable API interface.

References