CVE-2026-30880

CriticalRCE

Published: 31 March 2026

Published

31 March 2026

Modified

01 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0023 46.2th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-30880 is a critical-severity OS Command Injection (CWE-78) vulnerability in Basercms Basercms. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 46.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates CVE-2026-30880 by requiring timely remediation through patching baserCMS to version 5.2.3 or later.

SI-10 Information Input Validation good match

prevent

Prevents OS command injection in the baserCMS installer by validating and sanitizing all external inputs before processing.

CM-7 Least Functionality partial match

prevent

Reduces exposure to the installer vulnerability by configuring baserCMS to provide only essential capabilities and prohibiting unnecessary remote installer access.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

Why these techniques?

CVE enables unauthenticated RCE via OS command injection in public-facing web installer (T1190), directly facilitating command execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3.

Deeper analysisAI

CVE-2026-30880 is an OS command injection vulnerability (CWE-78) affecting baserCMS, an open-source website development framework. The flaw exists in the installer component of versions prior to 5.2.3, allowing arbitrary operating system commands to be executed. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, and lack of required privileges or user interaction.

An unauthenticated remote attacker can exploit this vulnerability by targeting the installer interface over the network. Successful exploitation enables full system compromise, with high impacts on confidentiality, integrity, and availability, such as executing arbitrary commands, reading sensitive data, modifying files, or disrupting services on the affected host.

The issue has been addressed in baserCMS version 5.2.3, as detailed in the project's release notes and security advisory. Official advisories, including those from baserCMS (JVN_20837860) and GitHub (GHSA-6hpg-8rx3-cwgv), recommend immediate upgrading to the patched version to mitigate the vulnerability.