Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
Daylight Studio FuelCMS Password Reset Token Leaked via Malicious Email
CVE-2026-30459
Summary
A security issue in Daylight Studio FuelCMS v1.5.2 allows attackers to reset a user's password without knowing their current password. This is done by sending a specially crafted email link to the user, which can be sent by anyone. To fix this, update to a newer version of FuelCMS or apply a patch.
Original title
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e...
Original description
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.
Vulnerability type
CWE-640
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026