https://feed.craftedsignal.io/tags/cve-2026-21861/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 31 Mar 2026 01:19:59 +0000https://feed.craftedsignal.io/briefs/2026-04-basercms-command-injection/Tue, 31 Mar 2026 01:19:59 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-basercms-command-injection/baserCMS versions prior to 5.2.3 are vulnerable to OS command injection, allowing an authenticated administrator to execute arbitrary commands on the server via maliciously crafted input to the core update functionality.<p>baserCMS, a website development framework, is susceptible to an OS command injection vulnerability (CVE-2026-21861) in versions prior to 5.2.3. This flaw resides within the core update functionality, where user-controlled input is directly passed to the <code>exec()</code> function without proper sanitization or validation. A successful exploit allows an authenticated administrator to execute arbitrary operating system commands on the underlying server. The vulnerability was reported on March 30, 2026…</p> criticaladvisorycve-2026-21861command-injectionwebserver