CVE-2026-3794
Improper Authentication in DoraCMS Email API Enables Remote Access
Publication date: 2026-03-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| html-js | doracms | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3794 is an improper-authentication flaw (CWE-287) in DoraCMS version 3.0.x. The Email API endpoint /api/v1/mail/send accepts requests without verifying the identity of the caller: no login, session or registration is required.
An attacker only needs to send a single crafted HTTP POST carrying the parameters the handler expects (tempkey, title, content and targets), and the server hands the message to its mail transport as if an administrator had requested it.
As a result, anyone who can reach the endpoint can send arbitrary email from the vulnerable installation, which makes it usable as a relay for spam, phishing or other malicious email campaigns that carry the site's configured sender identity.
How can this vulnerability impact me?
This vulnerability lets attackers send unauthorized email from your DoraCMS system. [1, 2]
- It can be used to send spam, which may damage your system's sender reputation and, with it, the deliverability of your legitimate mail.
- Attackers could run phishing campaigns through your system, potentially tricking recipients into revealing sensitive information.
- The confidentiality, integrity, and availability of your system can be affected by this improper authentication flaw.
- Because a public exploit exists and no authentication is required, the risk of exploitation is high.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending an unauthenticated HTTP POST to the Email API endpoint /api/v1/mail/send with a crafted JSON payload and observing whether the server accepts it. A typical check uses curl to simulate the exploit attempt. Be aware that a successful check really does send a message from the target, so point targets at a mailbox you control and run it only against systems you are authorised to test.

Test whether the endpoint accepts a send request without any authentication:

```bash
curl -X POST http://<target>/api/v1/mail/send \
  -H "Content-Type: application/json" \
  -d '{"tempkey":"-1","title":"POC Bulk Mail","content":"<h1>POC</h1>","targets":["[email protected]"]}'
```

If the server responds with HTTP 200 OK and a JSON body indicating the email was queued (for example, "250 OK: queued as."), the vulnerability is present. A 401 or 403 response, or a redirect to the login page, indicates that authentication is being enforced on this route. [1]
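Exploitation also leaves a trace in the web server's access log: repeated POSTs to /api/v1/mail/send from addresses that are not your administrators, typically answered with a 2xx status. The script below is an added example (it is not part of this advisory or of DoraCMS) that scans such a log offline. It assumes the nginx/Apache "combined" log format, a constructed sample log, and an administrator allowlist and burst threshold that are placeholders to tune for your deployment.

```python
import re
from collections import defaultdict

# Endpoint named in the advisory.
MAIL_ENDPOINT = "/api/v1/mail/send"

# Assumed nginx/Apache "combined" log format. The standard formats do not
# record cookies or Authorization headers, so authentication state is inferred
# from the source address rather than read from the line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

# Constructed sample log: a burst from one unknown host, one legitimate admin
# send, an unrelated request, and a rejected attempt.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2026:02:14:01 +0000] "POST /api/v1/mail/send HTTP/1.1" 200 61 "-" "curl/8.5.0"',
    '203.0.113.7 - - [10/Mar/2026:02:14:02 +0000] "POST /api/v1/mail/send HTTP/1.1" 200 61 "-" "curl/8.5.0"',
    '203.0.113.7 - - [10/Mar/2026:02:14:03 +0000] "POST /api/v1/mail/send?x=1 HTTP/1.1" 200 61 "-" "curl/8.5.0"',
    '198.51.100.20 - - [10/Mar/2026:09:30:11 +0000] "POST /api/v1/mail/send HTTP/1.1" 200 61 "https://cms.example/admin" "Mozilla/5.0"',
    '192.0.2.5 - - [10/Mar/2026:09:31:00 +0000] "GET /api/v1/content/list HTTP/1.1" 200 1840 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Mar/2026:09:32:00 +0000] "POST /api/v1/mail/send HTTP/1.1" 401 23 "-" "python-requests/2.31"',
]


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore any query string
    return rec


def mail_api_hits(lines):
    """All POST requests to the mail-send endpoint, in log order."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == MAIL_ENDPOINT:
            hits.append(rec)
    return hits


def summarize(lines, admin_ips=frozenset(), burst_threshold=2):
    """Per source IP: number of POSTs to the endpoint, how many the server
    accepted (2xx), the user agents seen, and why the activity is suspicious.
    admin_ips (addresses allowed to use the API) and burst_threshold are
    deployment-specific assumptions."""
    per_ip = defaultdict(lambda: {"requests": 0, "accepted": 0, "agents": set()})
    for rec in mail_api_hits(lines):
        entry = per_ip[rec["ip"]]
        entry["requests"] += 1
        if 200 <= rec["status"] < 300:
            entry["accepted"] += 1
        if rec["agent"]:
            entry["agents"].add(rec["agent"])

    report = {}
    for ip, entry in per_ip.items():
        reasons = []
        if ip not in admin_ips:
            reasons.append("source is not an allowlisted admin address")
        if entry["requests"] > burst_threshold:
            reasons.append(f"{entry['requests']} sends exceed burst threshold {burst_threshold}")
        report[ip] = {
            "requests": entry["requests"],
            "accepted": entry["accepted"],
            "agents": sorted(entry["agents"]),
            "suspicious": bool(reasons),
            "reasons": reasons,
        }
    return report


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG, admin_ips={"198.51.100.20"}).items():
        flag = "SUSPICIOUS" if info["suspicious"] else "ok"
        print(f"{ip:16} {flag:10} requests={info['requests']} accepted={info['accepted']} "
              f"agents={info['agents']} {'; '.join(info['reasons'])}")
```

Run it against the real file with `summarize(open("/var/log/nginx/access.log"), admin_ips={...})`. Accepted sends from non-allowlisted sources are the ones to treat as confirmed abuse; if your proxy also logs the Cookie header or the application logs session IDs, add that field to the regex and the check becomes a direct test for "request without a session" instead of an inference from the source address.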
What immediate steps should I take to mitigate this vulnerability?
There are no known vendor patches or countermeasures for this vulnerability as of the disclosure date.
Immediate mitigation is to restrict who can reach the Email API endpoint /api/v1/mail/send. Because the endpoint is a path inside the web application, a plain network firewall cannot single it out without blocking the whole site; enforce the restriction where the URL is visible, such as a reverse proxy or WAF in front of DoraCMS, allowing only administrator source addresses (IP allowlisting) and denying everyone else. If that proxy sits behind another load balancer, make sure it evaluates the real client address rather than the balancer's, or the allowlist is meaningless.
If the mail feature is not needed, disable or remove the affected Email API component. Otherwise consider replacing the affected DoraCMS version with a secure alternative, and watch the mail queue and outbound mail logs for unexpected volume until a fix is in place.
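The allowlisting described above, written as an nginx reverse-proxy configuration. This is an added example and not DoraCMS or vendor configuration; the upstream address, server_name, certificate paths and the 192.0.2.0/24 administrator network are placeholders to adapt.

```nginx
# Added example (not DoraCMS or vendor configuration): nginx in front of
# DoraCMS lets only an assumed administrator network reach the mail-send
# endpoint. Upstream address, server_name, certificate paths and the
# 192.0.2.0/24 allowlist are placeholders.
upstream doracms_app {
    server 127.0.0.1:8080;
}

server {
    listen 443 ssl;
    server_name cms.example;
    ssl_certificate     /etc/nginx/tls/cms.example.crt;
    ssl_certificate_key /etc/nginx/tls/cms.example.key;

    # "^~" is a prefix match: it also covers /api/v1/mail/send/ and any query
    # string, and it stops nginx from consulting regex locations for this path.
    location ^~ /api/v1/mail/send {
        allow 192.0.2.0/24;      # assumed administrator network
        deny  all;               # everyone else gets 403 before the app sees it
        proxy_pass http://doracms_app;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        proxy_pass http://doracms_app;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

allow and deny are evaluated against the TCP peer address. If another proxy or load balancer terminates connections in front of this nginx, configure ngx_http_realip_module (set_real_ip_from and real_ip_header) for that hop so the allowlist is applied to the real client; otherwise every request arrives from the balancer's address and the rule either lets everyone through or blocks everyone. Verify the change with the curl probe from outside the allowlist (expect 403) and from inside it (expect the normal response).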