CVE-2026-30689
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk20th percentile - higher than 20% of all known CVEs
Summary
In Blog.Core up to version bcb4d17, the getinfobytoken API interface has improper access control leading to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security.
Risk Assessment
The risk involves potential leakage of administrator data, which could allow an attacker to take control of the system and access critical resources.
Recommendation
It is recommended to immediately update Blog.Core to a patched version and implement authorization mechanisms for the getinfobytoken API.
Original NVD description (English source)
In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end code that does not offer an API service.

