CVE-2026-30994

Unauthenticated Access to Config File Exposes Session Credentials in Slah v1.5.0 and Earlier

Description

Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials.

INFO

Published Date :

2026-04-15T00:00:00.000Z

Last Modified :

2026-04-15T18:06:38.418Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2026-30994 vulnerability.

Vendors	Products
Slah Cms	Slah Cms

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-30994.

URL	Resource
https://cve.joaopaulodeoliveira.dev/cve.php/published/CVE-2026-30994
https://cve.joaopaulodeoliveira.dev/cve.php/reserved/slah-informatica-sensitive-data-exposure

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact