Cyber Resilience

CVE-2026-30880

CriticalRCE

Published: 31 March 2026

Published
31 March 2026
Modified
01 April 2026
KEV Added
Patch
CVSS Score v4 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0206 78.9th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-30880 is a critical-severity OS Command Injection (CWE-78) vulnerability in Basercms Basercms. Its CVSS base score is 9.2 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 21.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-30880 is an OS command injection vulnerability (CWE-78) affecting baserCMS, an open-source website development framework. The flaw exists in the installer component of versions prior to 5.2.3, allowing arbitrary operating system commands to be executed. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, and lack of required privileges or user interaction.

An unauthenticated remote attacker can exploit this vulnerability by targeting the installer interface over the network. Successful exploitation enables full system compromise, with high impacts on confidentiality, integrity, and availability, such as executing arbitrary commands, reading sensitive data, modifying files, or disrupting services on the affected host.

The issue has been addressed in baserCMS version 5.2.3, as detailed in the project's release notes and security advisory. Official advisories, including those from baserCMS (JVN_20837860) and GitHub (GHSA-6hpg-8rx3-cwgv), recommend immediate upgrading to the patched version to mitigate the vulnerability.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

CVE enables unauthenticated RCE via OS command injection in public-facing web installer (T1190), directly facilitating command execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-30877Same product: Basercms Basercms
CVE-2026-21861Same product: Basercms Basercms
CVE-2026-27697Same product: Basercms Basercms
CVE-2026-30940Same product: Basercms Basercms
CVE-2026-32734Same product: Basercms Basercms
CVE-2025-32957Same product: Basercms Basercms
CVE-2026-28470Shared CWE-78
CVE-2025-69269Shared CWE-78
CVE-2025-24971Shared CWE-78
CVE-2026-22553Shared CWE-78

Affected Assets

basercms
basercms
≤ 5.2.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2026-30880 by requiring timely remediation through patching baserCMS to version 5.2.3 or later.

prevent

Prevents OS command injection in the baserCMS installer by validating and sanitizing all external inputs before processing.

prevent

Reduces exposure to the installer vulnerability by configuring baserCMS to provide only essential capabilities and prohibiting unnecessary remote installer access.

References