Cyber Posture

CVE-2026-30877

Critical · RCE

Published: 31 March 2026

Modified: 01 April 2026
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0020 (41.7th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-30877 is a critical-severity OS Command Injection (CWE-78) vulnerability in baserCMS (vendor Basercms, product Basercms). Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it at the 41.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- prevent: Remediating the known OS command injection flaw by promptly applying the patch in baserCMS version 5.2.3 directly prevents exploitation.
- prevent: Validating and sanitizing user inputs to the update functionality directly prevents OS command injection attacks like this CWE-78 vulnerability.
- prevent: Enforcing least privilege ensures that even authenticated administrators and the baserCMS-running user account have minimal OS command execution rights, limiting the impact of exploitation.
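To make the input-validation control concrete, here is an added example (not baserCMS code, and not the code path behind this CVE) of a hypothetical PHP updater helper that builds a shell command from an admin-supplied version string, shown in its CWE-78-prone form beside a hardened form. The function names, the download URL and the hostile input are all constructed for illustration.

```php
<?php
// Added example, not baserCMS code: a hypothetical updater helper that
// shells out to fetch a release archive. The version string comes from an
// authenticated admin's form field; CWE-78 treats that as untrusted input.

declare(strict_types=1);

// PRONE TO CWE-78: the request value is interpolated straight into the
// command string, so shell metacharacters in $version would be interpreted
// by /bin/sh if this string were ever passed to exec()/shell_exec().
function buildUpdateCommandVulnerable(string $version): string
{
    return "curl -sSfo /tmp/update.zip https://example.invalid/releases/$version.zip";
}

// HARDENED: (1) reject anything that is not a plain semantic version
// (an allowlist, the kind of input validation NIST SI-10 asks for), then
// (2) quote the value with escapeshellarg() so even a validated value is
// passed to the shell as one single-quoted argument.
function buildUpdateCommandHardened(string $version): ?string
{
    if (preg_match('/\A\d+\.\d+\.\d+\z/', $version) !== 1) {
        return null; // refuse the request rather than trying to "clean" it
    }
    $url = 'https://example.invalid/releases/' . $version . '.zip';
    return 'curl -sSfo /tmp/update.zip ' . escapeshellarg($url);
}

// Demonstration only: nothing below executes a command, it just shows the
// strings each builder would hand to the shell for a constructed input.
$hostile = '5.2.3; id';
printf("vulnerable: %s\n", buildUpdateCommandVulnerable($hostile));
var_dump(buildUpdateCommandHardened($hostile));
var_dump(buildUpdateCommandHardened('5.2.3'));
```

On PHP 7.4 and later, passing proc_open() an argument array instead of a command string bypasses the shell entirely, which removes the quoting question altogether and is preferable where the code can be restructured that way.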

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

OS command injection vulnerability in public-facing web application baserCMS enables remote code execution by authenticated admins, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS. This issue has been patched in version 5.2.3.

Deeper analysis

CVE-2026-30877 is an OS command injection vulnerability (CWE-78) in baserCMS, an open-source website development framework. The issue affects versions prior to 5.2.3 and exists in the update functionality, allowing injection of malicious commands. It carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), reflecting high severity due to network accessibility, low attack complexity, and elevated impacts across confidentiality, integrity, and availability with scope change.

Exploitation requires an authenticated attacker with administrator privileges in baserCMS. Such a user can remotely trigger the vulnerability without user interaction, executing arbitrary OS commands on the hosting server under the privileges of the baserCMS-running user account. This could enable full server compromise, including data exfiltration, modification, or destruction.

The vulnerability is patched in baserCMS version 5.2.3. Administrators should upgrade immediately to mitigate risk. Official details are provided in the baserCMS security advisory at https://basercms.net/security/JVN_20837860, the release notes at https://github.com/baserproject/basercms/releases/tag/5.2.3, and the GitHub security advisory at https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7.

Details

CWE(s): CWE-78 (OS Command Injection)

Affected Products: Basercms basercms, versions ≤ 5.2.3

CVEs Like This One

- CVE-2026-30880 (same product: Basercms Basercms)
- CVE-2026-21861 (same product: Basercms Basercms)
- CVE-2026-27697 (same product: Basercms Basercms)
- CVE-2026-32734 (same product: Basercms Basercms)
- CVE-2026-30940 (same product: Basercms Basercms)
- CVE-2025-32957 (same product: Basercms Basercms)
- CVE-2026-23702 (shared CWE-78)
- CVE-2024-50603 (shared CWE-78)
- CVE-2022-50919 (shared CWE-78)
- CVE-2026-4631 (shared CWE-78)
