CVE-2026-21861: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in baserproject basercms
baserCMS versions prior to 5.2.3 contain a critical OS command injection vulnerability in the core update functionality. An authenticated administrator can exploit this flaw to execute arbitrary operating system commands on the server. The vulnerability arises from improper neutralization of special elements in user input passed directly to the exec() function without adequate validation or escaping. This issue has been addressed and patched in version 5.2.3.
AI Analysis
Technical Summary
CVE-2026-21861 is an OS command injection vulnerability (CWE-78) in baserCMS, a website development framework. The flaw exists in the core update functionality where user-controlled input is passed unsafely to the exec() system call, allowing an authenticated administrator to execute arbitrary OS commands. This vulnerability affects baserCMS versions prior to 5.2.3 and has been fixed in version 5.2.3. The CVSS v3.1 base score is 9.1, indicating a critical severity with network attack vector, low attack complexity, high privileges required, no user interaction, and impacts on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows an authenticated administrator to execute arbitrary OS commands on the server hosting baserCMS, potentially leading to full system compromise including unauthorized data access, modification, or service disruption. The vulnerability affects confidentiality, integrity, and availability of the affected system.
Mitigation Recommendations
Upgrade baserCMS to version 5.2.3 or later, where this vulnerability has been patched. No other mitigations are specified or required once the official fix is applied.
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-05T16:44:16.367Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69cb1e82e6bfc5ba1d9722a7
Added to database: 3/31/2026, 1:08:18 AM
Last enriched: 4/7/2026, 10:54:59 AM
Last updated: 5/15/2026, 3:07:16 AM