CVE-2026-30689
CVE-2026-30689
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
27 Mar 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end code that does not offer an API service.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
anjoy8 · Blog.Core