What is the CVSS score of CVE-2026-30521?

CVE-2026-30521 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N. EPSS exploitation probability: 0.0%.

Is there a public PoC exploit available for CVE-2026-30521?

Yes, a public proof-of-concept exploit is available for CVE-2026-30521. Prioritise patching immediately. EPSS: 0.0%.

SourceCodester Loan Management System CVE-2026-30521

EUVD-2026-17583 MEDIUM

Client-Side Enforcement of Server-Side Security (CWE-602)

2026-03-31 mitre

Authentication Bypass

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

PoC Detected

Apr 02, 2026 - 15:16 vuln.today

Public exploit code

EUVD ID Assigned

Mar 31, 2026 - 19:01 euvd

EUVD-2026-17583

Analysis Generated

Mar 31, 2026 - 19:01 vuln.today

CVE Published

Mar 31, 2026 - 00:00 nvd

MEDIUM 6.5

DescriptionNVD

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this constraint is not enforced on the backend. An authenticated attacker can bypass the client-side restriction by manipulating the HTTP POST request to submit a negative value for the interest_percentage. This results in the creation of loan plans with negative interest rates.

AnalysisAI

SourceCodester Loan Management System v1.0 allows authenticated administrators to create loan plans with negative interest rates by submitting negative values in HTTP POST requests, bypassing client-side validation that lacks server-side enforcement. This business logic vulnerability enables attackers with administrative credentials to manipulate loan terms and potentially cause financial harm to the organization. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-30521 vulnerability details – vuln.today

Back

SourceCodester Loan Management System CVE-2026-30521

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code