How is CVE-2026-30760 exploited?

Network reachability (required): The vulnerable XAJAX endpoint is exposed over the network, so the attacker must be able to reach the web application via HTTP/HTTPS. Authentication (not-required): No account or session credentials are needed; the crafted XAJAX request can be sent by any unauthenticated caller. Victim interaction (not-required): The attack is entirely server-side; no user needs to click a link or take any action for exploitation to succeed. Attack complexity (info): Attack complexity is low, meaning the exploit is reliable and requires no special timing, race conditions, or environmental preconditions.

What is the impact of CVE-2026-30760?

The attacker can read application user data, including any profile fields, roles, or stored records accessible through the XAJAX interface. The attacker can write or overwrite arbitrary user records in the web application, such as modifying bans, permissions, or account details. The attacker can cause limited disruption to application data integrity, potentially corrupting records in ways that degrade normal operation.

Back to search

HIGHCVE-2026-30760Published 2026-05-28Modified 2026-05-29CNA mitre

CVE-2026-30760: An issue in SourceBans Material Admin before v

An issue in SourceBans Material Admin before v.1.1.6 (3ecd95e) allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call.

HarborGuard Analysis

HarborGuard analysis

Synopsis

An improper input validation or access-control flaw in SourceBans Material Admin (before commit 3ecd95e, version 1.1.6) lets a remote attacker send a crafted XAJAX request to manipulate arbitrary user data in the web application. The vulnerability is reachable over the network, requires no authentication, and no victim interaction. Successful exploitation gives the attacker read, write, and limited denial-of-service capability over application data. HarborGuard tracks this advisory and will make a patched-image rebuild available as soon as an upstream fix is published.

HarborGuard Coverage

Detection

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images derived from SourceBans Material Admin base layers. Any affected image version in a connected registry or CI pipeline is flagged automatically.

Available

Triage

HarborGuard scores this finding at CVSS 7.3 (High) and weights it against each customer organization's compliance policy to determine escalation priority. Triage routing capability is available to direct the alert to the appropriate team inbox within each customer environment based on configured ownership rules.

Available

Patch

Because no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream patch is released. In the interim, customers can use HarborGuard's policy controls to flag affected images as non-compliant and block their promotion to production.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The vulnerable XAJAX endpoint is exposed over the network, so the attacker must be able to reach the web application via HTTP/HTTPS.
AuthenticationNot required
No account or session credentials are needed; the crafted XAJAX request can be sent by any unauthenticated caller.
Victim interactionNot required
The attack is entirely server-side; no user needs to click a link or take any action for exploitation to succeed.
Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and requires no special timing, race conditions, or environmental preconditions.

Blast Radius

The attacker can read application user data, including any profile fields, roles, or stored records accessible through the XAJAX interface.
The attacker can write or overwrite arbitrary user records in the web application, such as modifying bans, permissions, or account details.
The attacker can cause limited disruption to application data integrity, potentially corrupting records in ways that degrade normal operation.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-30760 is active across all connected environments, matching any image that includes an affected version of SourceBans Material Admin. Because no upstream fix exists yet, HarborGuard monitors the advisory on every ingest cycle and will surface a patched-image rebuild the moment a fix is published. For customers who opt into auto-remediation, that rebuild will trigger a regression test run and a PR opened against affected workloads without manual intervention. In the interim, compensating controls worth considering include network-policy rules that restrict access to the SourceBans web interface to trusted IP ranges, egress filtering to limit lateral movement if the host is compromised, and a compliance policy gate that blocks promotion of images containing this CVE to staging or production environments.

See how HarborGuard automates this

CVSS v3.1: 7.3
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

n/a / n/a
n/a

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References