Executive Summary

CVE-2026-3794 is a vulnerability in DoraCMS version 3.0.x affecting the Email API endpoint /api/v1/mail/send. It allows an attacker to send emails through this API without any authentication, meaning no login or registration is required.

The issue arises because the system does not properly verify the identity of the user making the request, leading to improper authentication. An attacker can send a crafted HTTP POST request with specific parameters to exploit this flaw.

This vulnerability enables unauthorized users to send arbitrary emails from the vulnerable system, potentially abusing it for spam, phishing, or other malicious email campaigns.

Useful 0 Not Useful 0

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can impact you by allowing attackers to send unauthorized emails from your DoraCMS system.'}, {'type': 'list_item', 'content': "It can be used to send spam emails, which may damage your system's reputation."}, {'type': 'list_item', 'content': 'Attackers could launch phishing campaigns using your system, potentially tricking recipients into revealing sensitive information.'}, {'type': 'list_item', 'content': 'The confidentiality, integrity, and availability of your system can be compromised due to this improper authentication flaw.'}, {'type': 'list_item', 'content': 'Since the exploit is publicly available and requires no authentication, the risk of exploitation is high.'}] [1, 2]

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to send an unauthenticated HTTP POST request to the vulnerable Email API endpoint /api/v1/mail/send with a crafted JSON payload. A typical detection method involves using curl to simulate the exploit attempt.'}, {'type': 'list_item', 'content': 'Use the following curl command to test if the endpoint is vulnerable by sending a crafted email request without authentication:'}, {'type': 'list_item', 'content': 'curl -X POST http://<target>/api/v1/mail/send -H "Content-Type: application/json" -d \'{"tempkey":"-1","title":"POC Bulk Mail","content":"<h1>POC</h1>","targets":["[email protected]"]}\''}, {'type': 'paragraph', 'content': 'If the server responds with HTTP 200 OK and a JSON message indicating the email was queued (e.g., "250 OK: queued as."), it confirms the vulnerability is present.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

There are no known vendor patches or countermeasures available for this vulnerability as of the disclosure date.

Immediate mitigation steps include restricting access to the vulnerable Email API endpoint /api/v1/mail/send by implementing network-level controls such as firewall rules or IP whitelisting to prevent unauthorized remote access.

Consider disabling or removing the affected Email API component if possible, or replacing the affected DoraCMS version with a secure alternative.

Useful 0 Not Useful 0