CVE-2026-30689: A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to s

Description

A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

References

Related News (1 articles)

Tier C

VulDB9h ago

CVE-2026-30689 | blog.admin up to 8.0 API Interface getinfobytoken access control

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Published3/27/2026

Last enriched8h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Version History

Last enriched 8h ago

v2Tier C8h ago

Updated vendor and product information, changed severity to HIGH, and noted that the vulnerability is actively exploited.

affectedVersionsseverityactivelyExploitedtags

via VulDB

v19h ago

Initial creation