CVE-2026-3794

HighPublic PoC

Published: 09 March 2026

Published

09 March 2026

Modified

10 March 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0018 39.2th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit is…

publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

IA-8 Identification and Authentication (Non-organizational Users) good match

prevent

Requires identification and authentication of non-organizational users or processes, directly preventing remote unauthorized access to the vulnerable /api/v1/mail/send Email API endpoint.

AC-3 Access Enforcement good match

prevent

Enforces approved access authorizations, mitigating the improper authentication bypass in the Email API processing logic.

SI-2 Flaw Remediation good match

prevent

Mandates timely remediation of the identified improper authentication flaw in DoraCMS 3.0.x, including patching or workarounds given the public exploit.

Security SummaryAI

CVE-2026-3794 is an improper authentication vulnerability (CWE-287) affecting doramart DoraCMS version 3.0.x. The issue resides in the unknown processing logic of the /api/v1/mail/send endpoint within the Email API component, allowing manipulation that bypasses authentication controls. This flaw carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and lack of prerequisites.

The vulnerability enables remote attackers with no required privileges or user interaction to exploit the Email API endpoint. Successful exploitation grants limited access, resulting in low-level impacts on confidentiality, integrity, and availability, such as unauthorized email sending or related API actions.

VulDB advisories, referenced at https://vuldb.com/?ctiid.349761, https://vuldb.com/?id.349761, and https://vuldb.com/?submit.768239, document the issue but note no vendor response despite early disclosure notification. No patches or official mitigations are available, and a public exploit exists that may be actively used.

Security teams should isolate or disable the affected Email API endpoint on DoraCMS 3.0.x instances, monitor for anomalous /api/v1/mail/send traffic, and consider upgrading if a future patch emerges, given the public exploit availability.

Details

CWE(s): CWE-287

Affected Products

html-js

doracms

all versions

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability is an improper authentication bypass in a public-facing web application's Email API endpoint (/api/v1/mail/send), enabling remote unauthenticated exploitation, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://vuldb.com/?ctiid.349761
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.349761
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.768239
Third Party Advisory, VDB Entry, Exploit · cna@vuldb.com