Look up vulnerable packages by Package URL.

Purl pkg:composer/craftcms/cms@4.0.0-RC1
Type composer
Namespace craftcms
Name cms
Version 4.0.0-RC1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.2.1
Latest_non_vulnerable_version 5.9.18
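The fields above are the components of the Package URL that was looked up. The following is an added example, not VulnerableCode's own client code: it parses a purl into those components following the purl specification's split order, builds the lookup URL for the API endpoint assumed here (`/api/packages/?purl=`), and walks a constructed subset of the response on this page to find, per vulnerability, the fixed versions that are not themselves flagged `is_vulnerable`. That last check matters because a `fixed_packages` entry closes one advisory only; on this page 4.16.17 and 5.8.21 are listed as fixes while still carrying other vulnerabilities, so they are not upgrade targets by themselves.

```python
from urllib.parse import quote, unquote


def parse_purl(purl: str) -> dict:
    """Split a Package URL into type, namespace, name, version, qualifiers and
    subpath. Follows the purl spec's parsing order: subpath ('#') and
    qualifiers ('?') are split off from the right before the version ('@'),
    so '@' or '/' inside a qualifier value or subpath is not taken as a separator."""
    if not purl.lower().startswith("pkg:"):
        raise ValueError("not a purl: missing 'pkg:' scheme")
    rest = purl[4:].lstrip("/")

    subpath = None
    if "#" in rest:
        rest, raw = rest.rsplit("#", 1)
        segments = [unquote(s) for s in raw.strip("/").split("/") if s not in ("", ".", "..")]
        subpath = "/".join(segments) or None

    qualifiers = {}
    if "?" in rest:
        rest, raw = rest.rsplit("?", 1)
        for pair in filter(None, raw.split("&")):
            key, _, value = pair.partition("=")
            if value:                       # empty-valued qualifiers are dropped
                qualifiers[key.lower()] = unquote(value)

    version = None
    if "@" in rest:
        rest, raw = rest.rsplit("@", 1)
        version = unquote(raw)

    ptype, _, ns_and_name = rest.partition("/")
    parts = [unquote(p) for p in ns_and_name.split("/") if p]
    if not ptype or not parts:
        raise ValueError("purl needs at least a type and a name")
    return {"type": ptype.lower(), "namespace": "/".join(parts[:-1]) or None,
            "name": parts[-1], "version": version, "qualifiers": qualifiers, "subpath": subpath}


def lookup_url(purl: str, base: str = "http://public2.vulnerablecode.io") -> str:
    """URL for the package lookup; the /api/packages/?purl= endpoint is assumed here."""
    return f"{base}/api/packages/?purl={quote(purl, safe='')}"


def clean_fixes(response: dict) -> dict:
    """Per vulnerability, the fixed versions that carry no known vulnerability of
    their own. A fixed package flagged is_vulnerable only closes that one issue."""
    return {
        vuln["vulnerability_id"]: sorted(
            fp["purl"] for fp in vuln.get("fixed_packages", []) if not fp["is_vulnerable"]
        )
        for vuln in response.get("affected_by_vulnerabilities", [])
    }


SAMPLE_LOOKUP = {  # constructed subset of the lookup above, same shape as the API output
    "purl": "pkg:composer/craftcms/cms@4.0.0-RC1",
    "is_vulnerable": True,
    "next_non_vulnerable_version": "4.2.1",
    "affected_by_vulnerabilities": [
        {"vulnerability_id": "VCID-2re8-4twc-eqez",
         "fixed_packages": [{"purl": "pkg:composer/craftcms/cms@4.16.17", "is_vulnerable": True},
                            {"purl": "pkg:composer/craftcms/cms@5.8.21", "is_vulnerable": True}]},
        {"vulnerability_id": "VCID-46sq-495d-fkay",
         "fixed_packages": [{"purl": "pkg:composer/craftcms/cms@4.2.1", "is_vulnerable": False}]},
    ],
}
```

Use `next_non_vulnerable_version` and `latest_non_vulnerable_version` from the top of the response as the upgrade targets; `clean_fixes` only tells you which per-advisory fix versions are safe on their own.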
Affected_by_vulnerabilities
0
url VCID-2re8-4twc-eqez
vulnerability_id VCID-2re8-4twc-eqez
summary
Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI
For this to work, users must have administrator access to the Craft Control Panel, and [allowAdminChanges](https://craftcms.com/docs/5.x/reference/config/general.html#allowadminchanges) must be enabled, which is against Craft CMS' recommendations for any non-dev environment.

https://craftcms.com/knowledge-base/securing-craft#set-allowAdminChanges-to-false-in-production

Alternatively, a non-administrator account with allowAdminChanges disabled can be used, provided access to the System Messages utility is available.

It is possible to craft a malicious payload using the Twig `map` filter in text fields that accept Twig input under Settings in the Craft control panel or using the System Messages utility, which could lead to a RCE.

Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue.

References:

https://github.com/craftcms/cms/commit/d82680f4a05f9576883bb83c3f6243d33ca73ebe

https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68454
reference_id
reference_type
scores
0
value 0.00648
scoring_system epss
scoring_elements 0.7112
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68454
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-06T14:26:38Z/
url https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04
3
reference_url https://github.com/craftcms/cms/commit/d82680f4a05f9576883bb83c3f6243d33ca73ebe
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-06T14:26:38Z/
url https://github.com/craftcms/cms/commit/d82680f4a05f9576883bb83c3f6243d33ca73ebe
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68454
reference_id CVE-2025-68454
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68454
5
reference_url https://github.com/advisories/GHSA-742x-x762-7383
reference_id GHSA-742x-x762-7383
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-742x-x762-7383
6
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-742x-x762-7383
reference_id GHSA-742x-x762-7383
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-06T14:26:38Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-742x-x762-7383
fixed_packages
0
url pkg:composer/craftcms/cms@4.16.17
purl pkg:composer/craftcms/cms@4.16.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51qg-ehr3-3qeu
1
vulnerability VCID-7b71-dsva-cfan
2
vulnerability VCID-jy6d-5zfh-7ycp
3
vulnerability VCID-u3cv-q3ft-qkhj
4
vulnerability VCID-uzyt-dujv-nqh6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.17
1
url pkg:composer/craftcms/cms@5.8.21
purl pkg:composer/craftcms/cms@5.8.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51qg-ehr3-3qeu
1
vulnerability VCID-76vz-cxx8-z7fc
2
vulnerability VCID-7b71-dsva-cfan
3
vulnerability VCID-jy6d-5zfh-7ycp
4
vulnerability VCID-u3cv-q3ft-qkhj
5
vulnerability VCID-uzyt-dujv-nqh6
6
vulnerability VCID-w35e-5gaq-y3aw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.21
aliases CVE-2025-68454, GHSA-742x-x762-7383
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2re8-4twc-eqez
1
url VCID-46sq-495d-fkay
vulnerability_id VCID-46sq-495d-fkay
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-37247
reference_id
reference_type
scores
0
value 0.00323
scoring_system epss
scoring_elements 0.55633
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-37247
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/blob/3.7.55.2/src/helpers/Cp.php
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/3.7.55.2/src/helpers/Cp.php
3
reference_url https://github.com/craftcms/cms/blob/4.0.0-RC1/src/helpers/Cp.php
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/4.0.0-RC1/src/helpers/Cp.php
4
reference_url https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627
5
reference_url https://labs.integrity.pt/advisories/cve-2022-37247
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://labs.integrity.pt/advisories/cve-2022-37247
6
reference_url https://labs.integrity.pt/advisories/cve-2022-37247/
reference_id CVE-2022-37247
reference_type
scores
url https://labs.integrity.pt/advisories/cve-2022-37247/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-37247
reference_id CVE-2022-37247
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-37247
8
reference_url https://github.com/advisories/GHSA-3cvm-7wrh-qrf9
reference_id GHSA-3cvm-7wrh-qrf9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3cvm-7wrh-qrf9
fixed_packages
0
url pkg:composer/craftcms/cms@4.2.1
purl pkg:composer/craftcms/cms@4.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.2.1
aliases CVE-2022-37247, GHSA-3cvm-7wrh-qrf9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-46sq-495d-fkay
2
url VCID-4zfr-4pgf-zke4
vulnerability_id VCID-4zfr-4pgf-zke4
summary
Craft CMS Vulnerable to Authenticated RCE via "craft.app.fs.write()" in Twig Templates
An authenticated administrator can achieve Remote Code Execution (RCE) by injecting a Server-Side Template Injection (SSTI) payload into Twig template fields (e.g., Email Templates). By calling the `craft.app.fs.write()` method, an attacker can write a malicious PHP script to a web-accessible directory and subsequently access it via the browser to execute arbitrary system commands.

---
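Both the `map`-filter SSTI described earlier on this page (CVE-2025-68454, payload placed in Settings text fields or the System Messages utility) and the `craft.app.fs.write()` SSTI in this advisory (CVE-2026-28697, Email Templates) live in Twig that is stored in the database or project config and rendered later, so auditing stored templates is the practical check alongside patching. The block below is an added example and is neither Craft's code nor its fix (the fixes are in the linked commits): a heuristic scanner over exported template text, plus a check of the `.env` toggle the first advisory names. Assumptions: the snippets in `SAMPLES` are constructed; a quoted-string argument to a callback-taking filter is treated as suspicious because it names a PHP callable directly rather than a Twig arrow function, without deciding which functions are reachable in a given Twig or Craft version; any method call on `craft.app.fs` is flagged, not only `write`; the env key `CRAFT_ALLOW_ADMIN_CHANGES` follows Craft's env-override convention, and an absent key is treated as enabled because Craft's documented default for `allowAdminChanges` is `true`.

```python
import re
from dataclasses import dataclass

# Twig filters that take a callback. In a stored template a quoted string in that
# position names a PHP callable directly instead of an arrow function (x => ...).
CALLBACK_FILTERS = ("map", "filter", "reduce", "sort", "find")
STRING_CALLBACK = re.compile(
    r"\|\s*(?P<filter>%s)\s*\(\s*(?P<arg>'[^']*'|\"[^\"]*\")" % "|".join(CALLBACK_FILTERS)
)
# Any method call on the craft.app.fs service from template code; write() is the
# one CVE-2026-28697 names, but none of them belong in an email or system message.
FS_CALL = re.compile(r"craft\.app\.fs\s*\.\s*(?P<method>\w+)\s*\(")


@dataclass(frozen=True)
class Finding:
    source: str   # where the snippet came from (system message key, field handle, ...)
    line: int
    kind: str
    excerpt: str


def scan_template(source: str, text: str) -> list:
    """Return suspicious constructs found in one stored Twig snippet."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in STRING_CALLBACK.finditer(line):
            findings.append(Finding(source, n, "string-callback:" + m["filter"], line.strip()))
        for m in FS_CALL.finditer(line):
            findings.append(Finding(source, n, "fs-call:" + m["method"], line.strip()))
    return findings


def audit(templates: dict) -> list:
    """Scan every stored snippet; dict keys identify where each one came from."""
    return [f for src, text in templates.items() for f in scan_template(src, text)]


_TRUE = ("1", "true", "yes", "on")


def allow_admin_changes_enabled(dotenv: str) -> bool:
    """Read CRAFT_ALLOW_ADMIN_CHANGES from .env text (key name assumed). An absent
    key counts as enabled: Craft's documented default is true, which is why the
    hardening guide says to set it to false explicitly outside dev."""
    for raw in dotenv.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == "CRAFT_ALLOW_ADMIN_CHANGES":
            return value.strip().strip("'\"").lower() in _TRUE
    return True


SAMPLES = {  # constructed snippets for the demo, not templates from a real site
    "system-message:account_activation": (
        "Hi {{ user.friendlyName }},\n"
        "{{ ['a', 'b'] | map('strtoupper') | join(', ') }}"
    ),
    "email-template:order_confirmation": (
        "{% set r = craft.app.fs.write('web/uploads/out.txt', body) %}\n"
        "Thanks for your order, {{ siteName }}"
    ),
    "template:_partials/list": (
        "{% for n in names | map(n => n | upper) %}{{ n }}{% endfor %}"
    ),
}
```

Feed `audit` the System Messages rows, the email template settings and any other control-panel fields that accept Twig, exported from the database or project config; a hit is a reason to inspect the snippet and the audit log for who last saved it, not proof of compromise.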
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28697
reference_id
reference_type
scores
0
value 0.00208
scoring_system epss
scoring_elements 0.43203
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28697
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/9dc2a4a3ec8e9cd5e8c0d1129f36371437519197
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-04T18:02:12Z/
url https://github.com/craftcms/cms/commit/9dc2a4a3ec8e9cd5e8c0d1129f36371437519197
3
reference_url https://github.com/craftcms/cms/pull/18216
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-04T18:02:12Z/
url https://github.com/craftcms/cms/pull/18216
4
reference_url https://github.com/craftcms/cms/pull/18219
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-04T18:02:12Z/
url https://github.com/craftcms/cms/pull/18219
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28697
reference_id CVE-2026-28697
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28697
6
reference_url https://github.com/advisories/GHSA-v47q-jxvr-p68x
reference_id GHSA-v47q-jxvr-p68x
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v47q-jxvr-p68x
7
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-v47q-jxvr-p68x
reference_id GHSA-v47q-jxvr-p68x
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-04T18:02:12Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-v47q-jxvr-p68x
fixed_packages
0
url pkg:composer/craftcms/cms@4.17.0-beta.1
purl pkg:composer/craftcms/cms@4.17.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.17.0-beta.1
1
url pkg:composer/craftcms/cms@5.9.0-beta.1
purl pkg:composer/craftcms/cms@5.9.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1
aliases CVE-2026-28697, GHSA-v47q-jxvr-p68x
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4zfr-4pgf-zke4
3
url VCID-51qg-ehr3-3qeu
vulnerability_id VCID-51qg-ehr3-3qeu
summary
Craft CMS Vulnerable to SSRF in GraphQL Asset Mutation via Alternative IP Notation
The `saveAsset` GraphQL mutation uses `filter_var(..., FILTER_VALIDATE_IP)` to block a specific list of IP addresses. However, alternative IP notations (hexadecimal, mixed) are not recognized by this function, allowing attackers to bypass the blocklist and access cloud metadata services.

---
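An added example, not Craft's code or its fix (the fix is in the linked commit), showing the bypass class the advisory describes and the check that closes it. `naive_is_blocked` models a blocklist guarded by a strict validator in the style of `filter_var(..., FILTER_VALIDATE_IP)`: a non-canonical literal fails validation, is treated as "not an IP", and is never compared against the list. `inet_aton_value` parses the same literals the way BSD `inet_aton()` and libcurl do (hex, octal, fewer than four parts, a single 32-bit integer), so `hardened_is_blocked` compares the address that would actually be connected to. The `BLOCKED_NETWORKS` list and the sample literals are this example's own. One caveat the page does not address: a literal check is a single layer; hostnames must be resolved and the resolved addresses checked, and redirects re-checked, or a DNS name pointing at 169.254.169.254 passes both functions here.

```python
import ipaddress
import re

# Ranges a server-side fetcher should never reach (this example's own list).
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

# One inet_aton() part: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r"^(?:0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")


def naive_is_blocked(host: str) -> bool:
    """Blocklist behind a strict validator: a literal that is not canonical
    dotted-quad or IPv6 fails validation, counts as 'not an IP', and passes."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(ip in net for net in BLOCKED_NETWORKS)


def inet_aton_value(host: str):
    """Parse an IPv4 literal the way BSD inet_aton() and libcurl do: one to four
    dot-separated parts, each decimal, octal or hex, the last one filling all the
    remaining bytes. Returns the 32-bit value, or None if it is not such a literal."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.match(p) for p in parts):
        return None
    vals = []
    for p in parts:
        if p[:2].lower() == "0x":
            vals.append(int(p[2:], 16))
        elif len(p) > 1 and p[0] == "0":
            vals.append(int(p, 8))
        else:
            vals.append(int(p))
    *head, last = vals
    if any(v > 255 for v in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, v in enumerate(head):
        value |= v << (8 * (3 - i))
    return value


def canonical_ip(host: str):
    """Canonical address for any literal a resolver would accept, or None for a
    hostname. IPv4-mapped IPv6 ('[::ffff:...]') is unwrapped to the IPv4 address."""
    h = host.strip("[]")
    try:
        ip = ipaddress.ip_address(h)
    except ValueError:
        v = inet_aton_value(h)
        return ipaddress.IPv4Address(v) if v is not None else None
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def hardened_is_blocked(host: str) -> bool:
    """Compare the address that would actually be connected to, not its spelling."""
    ip = canonical_ip(host)
    return ip is not None and any(ip in net for net in BLOCKED_NETWORKS)
```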
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25494
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.05224
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25494
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/d49e93e5ba0c48939ce5eaa6cd9b4a990542d8b2
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:49Z/
url https://github.com/craftcms/cms/commit/d49e93e5ba0c48939ce5eaa6cd9b4a990542d8b2
3
reference_url https://github.com/craftcms/cms/releases/tag/4.16.18
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/releases/tag/4.16.18
4
reference_url https://github.com/craftcms/cms/releases/tag/5.8.22
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:49Z/
url https://github.com/craftcms/cms/releases/tag/5.8.22
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25494
reference_id CVE-2026-25494
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25494
6
reference_url https://github.com/advisories/GHSA-m5r2-8p9x-hp5m
reference_id GHSA-m5r2-8p9x-hp5m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m5r2-8p9x-hp5m
7
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-m5r2-8p9x-hp5m
reference_id GHSA-m5r2-8p9x-hp5m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:49Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-m5r2-8p9x-hp5m
fixed_packages
0
url pkg:composer/craftcms/cms@4.16.18
purl pkg:composer/craftcms/cms@4.16.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-efkn-13cf-97c3
1
vulnerability VCID-g17s-3ghd-5fhm
2
vulnerability VCID-ntx4-ssgk-jqgh
3
vulnerability VCID-s9mh-xu8b-fqgf
4
vulnerability VCID-ukq9-ggdc-byf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.18
1
url pkg:composer/craftcms/cms@5.8.22
purl pkg:composer/craftcms/cms@5.8.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-efkn-13cf-97c3
1
vulnerability VCID-g17s-3ghd-5fhm
2
vulnerability VCID-ntx4-ssgk-jqgh
3
vulnerability VCID-s9mh-xu8b-fqgf
4
vulnerability VCID-ukq9-ggdc-byf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.22
aliases CVE-2026-25494, GHSA-m5r2-8p9x-hp5m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-51qg-ehr3-3qeu
4
url VCID-5h4n-14xc-uuf6
vulnerability_id VCID-5h4n-14xc-uuf6
summary
Craft CMS vulnerable to potential information disclosure via unchecked asset relocation
Authenticated users on a Craft installation could potentially expose sensitive assets through their user profile photo by sending maliciously crafted requests.

Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue.

Resources:

https://github.com/craftcms/cms/commit/4bcb0db554e273b66ce3b75263a13414c2368fc9
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68436
reference_id
reference_type
scores
0
value 0.00056
scoring_system epss
scoring_elements 0.17789
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68436
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/4bcb0db554e273b66ce3b75263a13414c2368fc9
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T15:35:10Z/
url https://github.com/craftcms/cms/commit/4bcb0db554e273b66ce3b75263a13414c2368fc9
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68436
reference_id CVE-2025-68436
reference_type
scores
0
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68436
4
reference_url https://github.com/advisories/GHSA-53vf-c43h-j2x9
reference_id GHSA-53vf-c43h-j2x9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-53vf-c43h-j2x9
5
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-53vf-c43h-j2x9
reference_id GHSA-53vf-c43h-j2x9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-06T15:35:10Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-53vf-c43h-j2x9
fixed_packages
0
url pkg:composer/craftcms/cms@4.16.17
purl pkg:composer/craftcms/cms@4.16.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51qg-ehr3-3qeu
1
vulnerability VCID-7b71-dsva-cfan
2
vulnerability VCID-jy6d-5zfh-7ycp
3
vulnerability VCID-u3cv-q3ft-qkhj
4
vulnerability VCID-uzyt-dujv-nqh6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.17
1
url pkg:composer/craftcms/cms@5.8.21
purl pkg:composer/craftcms/cms@5.8.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51qg-ehr3-3qeu
1
vulnerability VCID-76vz-cxx8-z7fc
2
vulnerability VCID-7b71-dsva-cfan
3
vulnerability VCID-jy6d-5zfh-7ycp
4
vulnerability VCID-u3cv-q3ft-qkhj
5
vulnerability VCID-uzyt-dujv-nqh6
6
vulnerability VCID-w35e-5gaq-y3aw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.21
aliases CVE-2025-68436, GHSA-53vf-c43h-j2x9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5h4n-14xc-uuf6
5
url VCID-5h73-3z9j-xqb8
vulnerability_id VCID-5h73-3z9j-xqb8
summary
Craft CMS vulnerable to Remote Code Execution via validatePath bypass
Bypassing the validatePath function can lead to potential Remote Code Execution
(Post-authentication, ALLOW_ADMIN_CHANGES=true)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40035
reference_id
reference_type
scores
0
value 0.00308
scoring_system epss
scoring_elements 0.54241
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40035
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T20:33:49Z/
url https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5
3
reference_url https://github.com/craftcms/cms/releases/tag/3.8.15
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T20:33:49Z/
url https://github.com/craftcms/cms/releases/tag/3.8.15
4
reference_url https://github.com/craftcms/cms/releases/tag/4.4.15
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T20:33:49Z/
url https://github.com/craftcms/cms/releases/tag/4.4.15
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40035
reference_id CVE-2023-40035
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40035
6
reference_url https://github.com/advisories/GHSA-44wr-rmwq-3phw
reference_id GHSA-44wr-rmwq-3phw
reference_type
scores
url https://github.com/advisories/GHSA-44wr-rmwq-3phw
7
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw
reference_id GHSA-44wr-rmwq-3phw
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T20:33:49Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw
fixed_packages
0
url pkg:composer/craftcms/cms@4.4.15
purl pkg:composer/craftcms/cms@4.4.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.15
aliases CVE-2023-40035, GHSA-44wr-rmwq-3phw
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5h73-3z9j-xqb8
6
url VCID-68jz-k8d5-u7dk
vulnerability_id VCID-68jz-k8d5-u7dk
summary
Craft CMS has a potential information disclosure vulnerability in preview tokens
Craft CMS has a CSRF issue in the preview token endpoint at `/actions/preview/create-token`. The endpoint accepts an attacker-supplied `previewToken`.

Because the action does not require POST and does not enforce a CSRF token, an attacker can force a logged-in victim editor to mint a preview token chosen by the attacker.

That token can then be used by the attacker (without authentication) to access previewed/unpublished content tied to the victim’s authorized preview scope.

---
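The three properties the advisory lists (the action honours GET, enforces no CSRF token, and accepts a client-chosen `previewToken`) each map to one check in a hardened handler. The block below is an added model of that, not Craft's controller or its patch (see the linked commit): `Request`, `PreviewTokenStore`, the `csrf_attack` simulation and the attacker's token value are constructed for the demo, and the parameter name `CRAFT_CSRF_TOKEN` is Craft's documented default `csrfTokenName`, assumed here.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    method: str
    params: dict = field(default_factory=dict)   # query string or form body, merged
    session_user: Optional[str] = None           # logged-in editor, carried by the cookie
    session_csrf: Optional[str] = None           # CSRF token stored server-side for that session


class PreviewTokenStore:
    """Server-side registry: preview token -> user whose preview scope it grants."""
    def __init__(self) -> None:
        self.tokens = {}

    def owner(self, token: str) -> Optional[str]:
        return self.tokens.get(token)


def vulnerable_create_token(req: Request, store: PreviewTokenStore) -> Optional[str]:
    """Behaviour the advisory describes: any HTTP method, no CSRF check, and the
    token value itself comes from the request, so whoever lured the editor to
    the URL already knows the token that was just minted in the editor's name."""
    if req.session_user is None:
        return None
    token = req.params.get("previewToken") or secrets.token_urlsafe(32)
    store.tokens[token] = req.session_user
    return token


def hardened_create_token(req: Request, store: PreviewTokenStore) -> Optional[str]:
    """Three independent checks: POST only, the submitted CSRF token must equal the
    session's (constant-time compare), and the token is always minted server-side."""
    if req.session_user is None or req.method != "POST":
        return None
    submitted = req.params.get("CRAFT_CSRF_TOKEN", "")
    if not req.session_csrf or not hmac.compare_digest(submitted, req.session_csrf):
        return None
    token = secrets.token_urlsafe(32)        # any client-supplied previewToken is ignored
    store.tokens[token] = req.session_user
    return token


ATTACKER_TOKEN = "token-the-attacker-chose"  # constructed


def csrf_attack(handler: Callable, store: PreviewTokenStore) -> bool:
    """Simulate the cross-site request: the victim's browser follows a link to the
    action with the editor's session cookie attached but without a CSRF token.
    Returns True if the attacker can afterwards redeem the token they chose."""
    forced = Request(method="GET", params={"previewToken": ATTACKER_TOKEN},
                     session_user="editor", session_csrf="session-csrf-secret")
    handler(forced, store)
    return store.owner(ATTACKER_TOKEN) is not None   # redeemed with no login at all
```

Any one of the three checks alone would defeat this particular forced request, but they guard against different things: the method restriction stops link-based CSRF, the CSRF token stops forged form posts, and server-side minting means a token is never predictable even if the first two are bypassed.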
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-29113
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00696
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-29113
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/6a88468dc35a27cccc8fef254f415a447d4a07cc
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T20:05:03Z/
url https://github.com/craftcms/cms/commit/6a88468dc35a27cccc8fef254f415a447d4a07cc
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-29113
reference_id CVE-2026-29113
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-29113
4
reference_url https://github.com/advisories/GHSA-vg3j-hpm9-8v5v
reference_id GHSA-vg3j-hpm9-8v5v
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vg3j-hpm9-8v5v
5
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-vg3j-hpm9-8v5v
reference_id GHSA-vg3j-hpm9-8v5v
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T20:05:03Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-vg3j-hpm9-8v5v
fixed_packages
0
url pkg:composer/craftcms/cms@4.17.4
purl pkg:composer/craftcms/cms@4.17.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.17.4
1
url pkg:composer/craftcms/cms@5.9.7
purl pkg:composer/craftcms/cms@5.9.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.7
aliases CVE-2026-29113, GHSA-vg3j-hpm9-8v5v
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-68jz-k8d5-u7dk
7
url VCID-6epu-syvm-d3ed
vulnerability_id VCID-6epu-syvm-d3ed
summary
Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior
This was reported as a vulnerability in Yii framework on August 7th (https://github.com/yiisoft/yii2/security/advisories/GHSA-gcmh-9pjj-7fp4). The Yii framework team denies responsibility for this (placing the onus on application developers) and hence has not (and seemingly will not) provide a fix at the framework level. Hence, I am reporting this to Craft as I found it to affect the latest (`5.6.0`) version of Craft CMS.

Leveraging a legitimate but maliciously crafted Yii `Behavior` class, it’s possible to trigger Remote Code Execution (RCE) via Reflection when the tainted `Behavior` is attached to a Yii `Component`, and an event is also fired on the tainted `Component`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68455
reference_id
reference_type
scores
0
value 0.01513
scoring_system epss
scoring_elements 0.81517
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68455
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-06T14:26:28Z/
url https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04
3
reference_url https://github.com/craftcms/cms/commit/27f55886098b56c00ddc53b69239c9c9192252c7
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-06T14:26:28Z/
url https://github.com/craftcms/cms/commit/27f55886098b56c00ddc53b69239c9c9192252c7
4
reference_url https://github.com/craftcms/cms/commit/6e608a1a5bfb36943f94f584b7548ca542a86fef
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-06T14:26:28Z/
url https://github.com/craftcms/cms/commit/6e608a1a5bfb36943f94f584b7548ca542a86fef
5
reference_url https://github.com/craftcms/cms/commit/ec43c497edde0b2bf2e39a119cded2e55f9fe593
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-06T14:26:28Z/
url https://github.com/craftcms/cms/commit/ec43c497edde0b2bf2e39a119cded2e55f9fe593
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68455
reference_id CVE-2025-68455
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68455
7
reference_url https://github.com/advisories/GHSA-255j-qw47-wjh5
reference_id GHSA-255j-qw47-wjh5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-255j-qw47-wjh5
8
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-255j-qw47-wjh5
reference_id GHSA-255j-qw47-wjh5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-06T14:26:28Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-255j-qw47-wjh5
fixed_packages
0
url pkg:composer/craftcms/cms@4.16.17
purl pkg:composer/craftcms/cms@4.16.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51qg-ehr3-3qeu
1
vulnerability VCID-7b71-dsva-cfan
2
vulnerability VCID-jy6d-5zfh-7ycp
3
vulnerability VCID-u3cv-q3ft-qkhj
4
vulnerability VCID-uzyt-dujv-nqh6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.17
1
url pkg:composer/craftcms/cms@5.8.21
purl pkg:composer/craftcms/cms@5.8.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51qg-ehr3-3qeu
1
vulnerability VCID-76vz-cxx8-z7fc
2
vulnerability VCID-7b71-dsva-cfan
3
vulnerability VCID-jy6d-5zfh-7ycp
4
vulnerability VCID-u3cv-q3ft-qkhj
5
vulnerability VCID-uzyt-dujv-nqh6
6
vulnerability VCID-w35e-5gaq-y3aw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.21
aliases CVE-2025-68455, GHSA-255j-qw47-wjh5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6epu-syvm-d3ed
8
url VCID-7b71-dsva-cfan
vulnerability_id VCID-7b71-dsva-cfan
summary
Craft CMS Vulnerable to Stored XSS in Number Prefix & Suffix Fields
A stored XSS vulnerability exists in the Number field type settings. The Prefix and Suffix fields are rendered using the `|md|raw` Twig filter without proper escaping, allowing script execution when the Number field is displayed on users' profiles.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25496
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06771
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25496
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/cb5fb0e979e72f315c9178fc031883d49527f513
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:30:19Z/
url https://github.com/craftcms/cms/commit/cb5fb0e979e72f315c9178fc031883d49527f513
3
reference_url https://github.com/craftcms/cms/releases/tag/4.16.18
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/releases/tag/4.16.18
4
reference_url https://github.com/craftcms/cms/releases/tag/5.8.22
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:30:19Z/
url https://github.com/craftcms/cms/releases/tag/5.8.22
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25496
reference_id CVE-2026-25496
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25496
6
reference_url https://github.com/advisories/GHSA-9f5h-mmq6-2x78
reference_id GHSA-9f5h-mmq6-2x78
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9f5h-mmq6-2x78
7
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-9f5h-mmq6-2x78
reference_id GHSA-9f5h-mmq6-2x78
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:30:19Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-9f5h-mmq6-2x78
fixed_packages
0
url pkg:composer/craftcms/cms@4.16.18
purl pkg:composer/craftcms/cms@4.16.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-efkn-13cf-97c3
1
vulnerability VCID-g17s-3ghd-5fhm
2
vulnerability VCID-ntx4-ssgk-jqgh
3
vulnerability VCID-s9mh-xu8b-fqgf
4
vulnerability VCID-ukq9-ggdc-byf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.18
1
url pkg:composer/craftcms/cms@5.8.22
purl pkg:composer/craftcms/cms@5.8.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-efkn-13cf-97c3
1
vulnerability VCID-g17s-3ghd-5fhm
2
vulnerability VCID-ntx4-ssgk-jqgh
3
vulnerability VCID-s9mh-xu8b-fqgf
4
vulnerability VCID-ukq9-ggdc-byf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.22
aliases CVE-2026-25496, GHSA-9f5h-mmq6-2x78
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7b71-dsva-cfan
9
url VCID-ccwe-z8nr-3qhq
vulnerability_id VCID-ccwe-z8nr-3qhq
summary
Craft CMS: GraphQL Asset Mutation Privilege Escalation
Type: Privilege Escalation (CWE-269)
Affected: Craft CMS 5.x (likely affects 4.x and 3.x as well)
Location: `src/gql/resolvers/mutations/Asset.php lines 57-107`
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25497
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06328
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25497
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/ac7edf868c1a81fd9c4dc49d3b3edf1cce113409
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:30:18Z/
url https://github.com/craftcms/cms/commit/ac7edf868c1a81fd9c4dc49d3b3edf1cce113409
3
reference_url https://github.com/craftcms/cms/releases/tag/4.17.0-beta.1
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/releases/tag/4.17.0-beta.1
4
reference_url https://github.com/craftcms/cms/releases/tag/5.8.22
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:30:18Z/
url https://github.com/craftcms/cms/releases/tag/5.8.22
5
reference_url https://github.com/craftcms/cms/releases/tag/5.9.0-beta.1
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/releases/tag/5.9.0-beta.1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25497
reference_id CVE-2026-25497
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25497
7
reference_url https://github.com/advisories/GHSA-fxp3-g6gw-4r4v
reference_id GHSA-fxp3-g6gw-4r4v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fxp3-g6gw-4r4v
8
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-fxp3-g6gw-4r4v
reference_id GHSA-fxp3-g6gw-4r4v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:30:18Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-fxp3-g6gw-4r4v
fixed_packages
0
url pkg:composer/craftcms/cms@4.17.0-beta.1
purl pkg:composer/craftcms/cms@4.17.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.17.0-beta.1
1
url pkg:composer/craftcms/cms@5.9.0-beta.1
purl pkg:composer/craftcms/cms@5.9.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1
aliases CVE-2026-25497, GHSA-fxp3-g6gw-4r4v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ccwe-z8nr-3qhq
10
url VCID-ch5h-xzgt-6kgs
vulnerability_id VCID-ch5h-xzgt-6kgs
summary
Craft CMS has Permission Bypass and IDOR in Duplicate Entry Action
The "Duplicate" entry action does not properly verify if the user has permission to perform this action on the specific target elements.
Even with only "View Entries" permission (where the "Duplicate" action is restricted in the UI), a user can bypass this restriction by sending a direct request.

Furthermore, this vulnerability allows duplicating **other users' entries** by specifying their Entry IDs. Since Entry IDs are incremental, an attacker can trivially brute-force these IDs to duplicate and access restricted content across the system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28782
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.12972
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28782
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/fb61a91357f5761c852400185ba931f51d82783d
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T17:34:53Z/
url https://github.com/craftcms/cms/commit/fb61a91357f5761c852400185ba931f51d82783d
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28782
reference_id CVE-2026-28782
reference_type
scores
0
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28782
4
reference_url https://github.com/advisories/GHSA-jxm3-pmm2-9gf6
reference_id GHSA-jxm3-pmm2-9gf6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jxm3-pmm2-9gf6
5
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-jxm3-pmm2-9gf6
reference_id GHSA-jxm3-pmm2-9gf6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T17:34:53Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-jxm3-pmm2-9gf6
fixed_packages
0
url pkg:composer/craftcms/cms@4.17.0-beta.1
purl pkg:composer/craftcms/cms@4.17.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.17.0-beta.1
1
url pkg:composer/craftcms/cms@5.9.0-beta.1
purl pkg:composer/craftcms/cms@5.9.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1
aliases CVE-2026-28782, GHSA-jxm3-pmm2-9gf6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ch5h-xzgt-6kgs
11
url VCID-ejv9-c3hf-jfax
vulnerability_id VCID-ejv9-c3hf-jfax
summary
Craft CMS has Twig Function Blocklist Bypass
Craft CMS implements a blocklist to prevent potentially dangerous PHP functions from being called via Twig non-Closure arrow functions.

In order to be able to successfully execute this attack, you need to either have `allowAdminChanges` enabled on production, or a compromised admin account, or an account with access to the System Messages utility.

Several PHP functions are not included in the blocklist, which could allow malicious actors with the required permissions to execute various types of payloads, including RCEs, arbitrary file reads, SSRFs, and SSTIs.

Twig has already deprecated this behavior, and it will eventually be removed from Twig altogether.

https://github.com/twigphp/Twig/blob/946ddeafa3c9f4ce279d1f34051af041db0e16f2/src/Extension/CoreExtension.php#L2096

This has been resolved in Craft 4.17.0 and 5.9.0, which removes the blocklist and disables all non-Closure arrow functions in Twig globally via the `enableTwigSandbox` config setting. That setting is enabled by default on all new Craft projects. Existing Craft projects will need to enable the config setting to take advantage of it.

Existing projects should update to the patched versions of 5.9.0 and 4.17.0 to mitigate the issue and enable the config setting.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28783
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11162
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28783
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/pull/18208
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T17:33:33Z/
url https://github.com/craftcms/cms/pull/18208
3
reference_url https://github.com/twigphp/Twig/blob/946ddeafa3c9f4ce279d1f34051af041db0e16f2/src/Extension/CoreExtension.php#L2096
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twigphp/Twig/blob/946ddeafa3c9f4ce279d1f34051af041db0e16f2/src/Extension/CoreExtension.php#L2096
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28783
reference_id CVE-2026-28783
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28783
5
reference_url https://github.com/advisories/GHSA-5fvc-7894-ghp4
reference_id GHSA-5fvc-7894-ghp4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5fvc-7894-ghp4
6
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-5fvc-7894-ghp4
reference_id GHSA-5fvc-7894-ghp4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T17:33:33Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-5fvc-7894-ghp4
fixed_packages
0
url pkg:composer/craftcms/cms@4.17.0-beta.1
purl pkg:composer/craftcms/cms@4.17.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.17.0-beta.1
1
url pkg:composer/craftcms/cms@5.9.0-beta.1
purl pkg:composer/craftcms/cms@5.9.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1
aliases CVE-2026-28783, GHSA-5fvc-7894-ghp4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ejv9-c3hf-jfax
12
url VCID-hn1f-f29s-g3bj
vulnerability_id VCID-hn1f-f29s-g3bj
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-37246
reference_id
reference_type
scores
0
value 0.00323
scoring_system epss
scoring_elements 0.55633
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-37246
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/1d5fdba23c84d6d09a8a980c7b6fc52fb93b679b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T16:32:42Z/
url https://github.com/craftcms/cms/commit/1d5fdba23c84d6d09a8a980c7b6fc52fb93b679b
3
reference_url https://github.com/craftcms/cms/commit/ecefe7f0afe0a6c4d1097a570cba82753d33f681
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/ecefe7f0afe0a6c4d1097a570cba82753d33f681
4
reference_url https://labs.integrity.pt/advisories/cve-2022-37246
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://labs.integrity.pt/advisories/cve-2022-37246
5
reference_url https://labs.integrity.pt/advisories/cve-2022-37246/
reference_id CVE-2022-37246
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T16:32:42Z/
url https://labs.integrity.pt/advisories/cve-2022-37246/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-37246
reference_id CVE-2022-37246
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-37246
7
reference_url https://github.com/advisories/GHSA-f546-v666-559x
reference_id GHSA-f546-v666-559x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f546-v666-559x
fixed_packages
0
url pkg:composer/craftcms/cms@4.2.1
purl pkg:composer/craftcms/cms@4.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.2.1
aliases CVE-2022-37246, GHSA-f546-v666-559x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hn1f-f29s-g3bj
13
url VCID-j9n2-1u2k-ckc5
vulnerability_id VCID-j9n2-1u2k-ckc5
summary
Craft CMS has potential authenticated Remote Code Execution via Twig SSTI
For this to work, the attacker must have administrator access to the Craft Control Panel, and [allowAdminChanges](https://craftcms.com/docs/5.x/reference/config/general.html#allowadminchanges) must be enabled, which is against Craft CMS' recommendations for any non-dev environment.

https://craftcms.com/knowledge-base/securing-craft#set-allowAdminChanges-to-false-in-production

Alternatively, they can have a non-administrator account with `allowAdminChanges` disabled, but they must have access to the System Messages utility.

It is possible to craft a malicious payload using the Twig `map` filter in text fields that accept Twig input under Settings in the Craft control panel or using the System Messages utility, which could lead to a RCE.

Users should update to the patched versions (5.8.22 and 4.16.18) to mitigate the issue.

References:

https://github.com/craftcms/cms/pull/18208
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28784
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.0631
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28784
1
reference_url https://craftcms.com/knowledge-base/securing-craft#set-allowAdminChanges-to-false-in-production
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T17:32:46Z/
url https://craftcms.com/knowledge-base/securing-craft#set-allowAdminChanges-to-false-in-production
2
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
3
reference_url https://github.com/craftcms/cms/pull/18208
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T17:32:46Z/
url https://github.com/craftcms/cms/pull/18208
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28784
reference_id CVE-2026-28784
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28784
5
reference_url https://github.com/advisories/GHSA-qc86-q28f-ggww
reference_id GHSA-qc86-q28f-ggww
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qc86-q28f-ggww
6
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-qc86-q28f-ggww
reference_id GHSA-qc86-q28f-ggww
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T17:32:46Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-qc86-q28f-ggww
fixed_packages
0
url pkg:composer/craftcms/cms@4.17.0-beta.1
purl pkg:composer/craftcms/cms@4.17.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.17.0-beta.1
1
url pkg:composer/craftcms/cms@5.9.0-beta.1
purl pkg:composer/craftcms/cms@5.9.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1
aliases CVE-2026-28784, GHSA-qc86-q28f-ggww
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j9n2-1u2k-ckc5
14
url VCID-jy6d-5zfh-7ycp
vulnerability_id VCID-jy6d-5zfh-7ycp
summary
Craft CMS Vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior
A Remote Code Execution (RCE) vulnerability exists in Craft CMS where the `assembleLayoutFromPost()` function in `src/services/Fields.php` fails to sanitize user-supplied configuration data before passing it to `Craft::createObject()`. This allows authenticated administrators to inject malicious Yii2 behavior configurations that execute arbitrary system commands on the server. This vulnerability represents an **unpatched variant** of the behavior injection vulnerability addressed in GHSA-255j-qw47-wjh5, affecting different endpoints through a separate code path.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25498
reference_id
reference_type
scores
0
value 0.00315
scoring_system epss
scoring_elements 0.54864
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25498
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/395c64f0b80b507be1c862a2ec942eaacb353748
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-10T15:32:09Z/
url https://github.com/craftcms/cms/commit/395c64f0b80b507be1c862a2ec942eaacb353748
3
reference_url https://github.com/craftcms/cms/releases/tag/4.16.18
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/releases/tag/4.16.18
4
reference_url https://github.com/craftcms/cms/releases/tag/5.8.22
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-10T15:32:09Z/
url https://github.com/craftcms/cms/releases/tag/5.8.22
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25498
reference_id CVE-2026-25498
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25498
6
reference_url https://github.com/advisories/GHSA-7jx7-3846-m7w7
reference_id GHSA-7jx7-3846-m7w7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7jx7-3846-m7w7
7
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-7jx7-3846-m7w7
reference_id GHSA-7jx7-3846-m7w7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-10T15:32:09Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-7jx7-3846-m7w7
fixed_packages
0
url pkg:composer/craftcms/cms@4.16.18
purl pkg:composer/craftcms/cms@4.16.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-efkn-13cf-97c3
1
vulnerability VCID-g17s-3ghd-5fhm
2
vulnerability VCID-ntx4-ssgk-jqgh
3
vulnerability VCID-s9mh-xu8b-fqgf
4
vulnerability VCID-ukq9-ggdc-byf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.18
1
url pkg:composer/craftcms/cms@5.8.22
purl pkg:composer/craftcms/cms@5.8.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-efkn-13cf-97c3
1
vulnerability VCID-g17s-3ghd-5fhm
2
vulnerability VCID-ntx4-ssgk-jqgh
3
vulnerability VCID-s9mh-xu8b-fqgf
4
vulnerability VCID-ukq9-ggdc-byf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.22
aliases CVE-2026-25498, GHSA-7jx7-3846-m7w7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jy6d-5zfh-7ycp
15
url VCID-kb8h-6rmc-wka1
vulnerability_id VCID-kb8h-6rmc-wka1
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-37250
reference_id
reference_type
scores
0
value 0.00323
scoring_system epss
scoring_elements 0.55633
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-37250
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/blob/3.7.55.1/src/helpers/Cp.php
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/3.7.55.1/src/helpers/Cp.php
3
reference_url https://github.com/craftcms/cms/blob/4.0.0-RC1/src/helpers/Cp.php
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/4.0.0-RC1/src/helpers/Cp.php
4
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#421---2022-08-09
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#421---2022-08-09
5
reference_url https://github.com/craftcms/cms/commit/cdc9cb66d0716c9552e4113c8e426fd1a31f9516
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:03:29Z/
url https://github.com/craftcms/cms/commit/cdc9cb66d0716c9552e4113c8e426fd1a31f9516
6
reference_url https://labs.integrity.pt/advisories/cve-2022-37250
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://labs.integrity.pt/advisories/cve-2022-37250
7
reference_url https://labs.integrity.pt/advisories/cve-2022-37250/
reference_id CVE-2022-37250
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:03:29Z/
url https://labs.integrity.pt/advisories/cve-2022-37250/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-37250
reference_id CVE-2022-37250
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-37250
9
reference_url https://github.com/advisories/GHSA-8r89-x93x-mjq2
reference_id GHSA-8r89-x93x-mjq2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8r89-x93x-mjq2
fixed_packages
0
url pkg:composer/craftcms/cms@4.2.1
purl pkg:composer/craftcms/cms@4.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.2.1
aliases CVE-2022-37250, GHSA-8r89-x93x-mjq2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kb8h-6rmc-wka1
16
url VCID-m28c-yq43-a7cq
vulnerability_id VCID-m28c-yq43-a7cq
summary
Craft CMS Vulnerable to Stored XSS in Settings Names and Field Options
Stored XSS in multiple settings. Names/labels are rendered without sanitization via `checkbox.twig` template which uses `{{ label|raw }}`.
references
0
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
1
reference_url https://github.com/craftcms/cms/commit/67780a778c6ec04e68e64a0b1177c168306144a2
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/67780a778c6ec04e68e64a0b1177c168306144a2
2
reference_url https://github.com/craftcms/cms/commit/943152d2246b36f12adf161a03b8695b773d9276
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/943152d2246b36f12adf161a03b8695b773d9276
3
reference_url https://github.com/advisories/GHSA-4mgv-366x-qxvx
reference_id GHSA-4mgv-366x-qxvx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4mgv-366x-qxvx
4
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-4mgv-366x-qxvx
reference_id GHSA-4mgv-366x-qxvx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/security/advisories/GHSA-4mgv-366x-qxvx
fixed_packages
0
url pkg:composer/craftcms/cms@4.17.0-beta.1
purl pkg:composer/craftcms/cms@4.17.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.17.0-beta.1
1
url pkg:composer/craftcms/cms@5.9.0-beta.1
purl pkg:composer/craftcms/cms@5.9.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1
aliases GHSA-4mgv-366x-qxvx
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m28c-yq43-a7cq
17
url VCID-mytj-88ea-73d9
vulnerability_id VCID-mytj-88ea-73d9
summary
Craft CMS Vulnerable to Authenticated RCE via Twig SSTI - create() function + Symfony Process gadget
There is an authenticated admin RCE in Craft CMS 5.8.21 via Server-Side Template Injection using the `create()` Twig function combined with a Symfony Process gadget chain.

This bypasses the fix implemented for CVE-2025-57811 (patched in 5.8.7).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28695
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08324
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28695
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/e31e50849ad71638e11ea55fbd1ed90ae8f8f6e0
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T17:03:23Z/
url https://github.com/craftcms/cms/commit/e31e50849ad71638e11ea55fbd1ed90ae8f8f6e0
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28695
reference_id CVE-2026-28695
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28695
4
reference_url https://github.com/advisories/GHSA-94rc-cqvm-m4pw
reference_id GHSA-94rc-cqvm-m4pw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-94rc-cqvm-m4pw
5
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-94rc-cqvm-m4pw
reference_id GHSA-94rc-cqvm-m4pw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T17:03:23Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-94rc-cqvm-m4pw
fixed_packages
0
url pkg:composer/craftcms/cms@4.17.0-beta.1
purl pkg:composer/craftcms/cms@4.17.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.17.0-beta.1
1
url pkg:composer/craftcms/cms@5.9.0-beta.1
purl pkg:composer/craftcms/cms@5.9.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1
aliases CVE-2026-28695, GHSA-94rc-cqvm-m4pw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mytj-88ea-73d9
18
url VCID-p9a4-4g1n-7qf4
vulnerability_id VCID-p9a4-4g1n-7qf4
summary
Improper Control of Generation of Code ('Code Injection')
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
references
0
reference_url http://packetstormsecurity.com/files/176303/Craft-CMS-4.4.14-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/176303/Craft-CMS-4.4.14-Remote-Code-Execution.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41892
reference_id
reference_type
scores
0
value 0.93942
scoring_system epss
scoring_elements 0.99889
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41892
2
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
3
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4415---2023-07-03-critical
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4415---2023-07-03-critical
4
reference_url https://github.com/craftcms/cms/commit/7359d18d46389ffac86c2af1e0cd59e37c298857
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/7359d18d46389ffac86c2af1e0cd59e37c298857
5
reference_url https://github.com/craftcms/cms/commit/a270b928f3d34ad3bd953b81c304424edd57355e
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/a270b928f3d34ad3bd953b81c304424edd57355e
6
reference_url https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1
7
reference_url https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1#diff-47dd43d86f85161944dfcce2e41d31955c4184672d9bd9d82b948c6b01b86476
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1#diff-47dd43d86f85161944dfcce2e41d31955c4184672d9bd9d82b948c6b01b86476
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41892
reference_id CVE-2023-41892
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-41892
9
reference_url https://github.com/advisories/GHSA-4w8r-3xrw-v25g
reference_id GHSA-4w8r-3xrw-v25g
reference_type
scores
url https://github.com/advisories/GHSA-4w8r-3xrw-v25g
10
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g
reference_id GHSA-4w8r-3xrw-v25g
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g
fixed_packages
0
url pkg:composer/craftcms/cms@4.4.15
purl pkg:composer/craftcms/cms@4.4.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.15
aliases CVE-2023-41892, GHSA-4w8r-3xrw-v25g
risk_score 1.6
exploitability 2.0
weighted_severity 0.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p9a4-4g1n-7qf4
19
url VCID-u3cv-q3ft-qkhj
vulnerability_id VCID-u3cv-q3ft-qkhj
summary
Craft CMS Vulnerable to SSRF in GraphQL Asset Mutation via HTTP Redirect
The `saveAsset` GraphQL mutation validates the initial URL hostname and resolved IP against a blocklist, but Guzzle follows HTTP redirects by default. An attacker can bypass all SSRF protections by hosting a redirect that points to cloud metadata endpoints or any internal IP addresses.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25493
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.05224
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25493
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/0974055634af68998f67850ab2045d8aaa19fa98
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:50Z/
url https://github.com/craftcms/cms/commit/0974055634af68998f67850ab2045d8aaa19fa98
3
reference_url https://github.com/craftcms/cms/releases/tag/4.16.18
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/releases/tag/4.16.18
4
reference_url https://github.com/craftcms/cms/releases/tag/5.8.22
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:50Z/
url https://github.com/craftcms/cms/releases/tag/5.8.22
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25493
reference_id CVE-2026-25493
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25493
6
reference_url https://github.com/advisories/GHSA-8jr8-7hr4-vhfx
reference_id GHSA-8jr8-7hr4-vhfx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8jr8-7hr4-vhfx
7
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-8jr8-7hr4-vhfx
reference_id GHSA-8jr8-7hr4-vhfx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:50Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-8jr8-7hr4-vhfx
fixed_packages
0
url pkg:composer/craftcms/cms@4.16.18
purl pkg:composer/craftcms/cms@4.16.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-efkn-13cf-97c3
1
vulnerability VCID-g17s-3ghd-5fhm
2
vulnerability VCID-ntx4-ssgk-jqgh
3
vulnerability VCID-s9mh-xu8b-fqgf
4
vulnerability VCID-ukq9-ggdc-byf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.18
1
url pkg:composer/craftcms/cms@5.8.22
purl pkg:composer/craftcms/cms@5.8.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-efkn-13cf-97c3
1
vulnerability VCID-g17s-3ghd-5fhm
2
vulnerability VCID-ntx4-ssgk-jqgh
3
vulnerability VCID-s9mh-xu8b-fqgf
4
vulnerability VCID-ukq9-ggdc-byf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.22
aliases CVE-2026-25493, GHSA-8jr8-7hr4-vhfx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u3cv-q3ft-qkhj
20
url VCID-upnk-thub-2fg1
vulnerability_id VCID-upnk-thub-2fg1
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33196
reference_id
reference_type
scores
0
value 0.00095
scoring_system epss
scoring_elements 0.26402
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33196
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/053d7119697e480ff81c5723bb9a33eaa49e0fc7
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:29:35Z/
url https://github.com/craftcms/cms/commit/053d7119697e480ff81c5723bb9a33eaa49e0fc7
3
reference_url https://github.com/craftcms/cms/releases/tag/4.4.7
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:29:35Z/
url https://github.com/craftcms/cms/releases/tag/4.4.7
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33196
reference_id CVE-2023-33196
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33196
5
reference_url https://github.com/advisories/GHSA-cjmm-x9x9-m2w5
reference_id GHSA-cjmm-x9x9-m2w5
reference_type
scores
url https://github.com/advisories/GHSA-cjmm-x9x9-m2w5
6
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-cjmm-x9x9-m2w5
reference_id GHSA-cjmm-x9x9-m2w5
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:29:35Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-cjmm-x9x9-m2w5
fixed_packages
0
url pkg:composer/craftcms/cms@4.4.7
purl pkg:composer/craftcms/cms@4.4.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.7
aliases CVE-2023-33196, GHSA-cjmm-x9x9-m2w5
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-upnk-thub-2fg1
21
url VCID-uzyt-dujv-nqh6
vulnerability_id VCID-uzyt-dujv-nqh6
summary
Craft CMS Vulnerable to SQL Injection in Element Indexes via `criteria[orderBy]`
The `element-indexes/get-elements` endpoint is vulnerable to **SQL Injection** via the `criteria[orderBy]` parameter (JSON body). The application fails to sanitize this input before using it in the database query.
An attacker with **Control Panel access** can inject arbitrary SQL into the `ORDER BY` clause by omitting `viewState[order]` (or setting both to the same payload).

> [!NOTE]
> The `ORDER BY` clause executes per row. `SLEEP(1)` on 10 rows = 10s delay.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25495
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03273
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25495
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/96c60d775c644ff0a0276da52fe29e11d4cd38d2
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-10T15:32:10Z/
url https://github.com/craftcms/cms/commit/96c60d775c644ff0a0276da52fe29e11d4cd38d2
3
reference_url https://github.com/craftcms/cms/releases/tag/4.16.18
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/releases/tag/4.16.18
4
reference_url https://github.com/craftcms/cms/releases/tag/5.8.22
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-10T15:32:10Z/
url https://github.com/craftcms/cms/releases/tag/5.8.22
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25495
reference_id CVE-2026-25495
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25495
6
reference_url https://github.com/advisories/GHSA-2453-mppf-46cj
reference_id GHSA-2453-mppf-46cj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2453-mppf-46cj
7
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-2453-mppf-46cj
reference_id GHSA-2453-mppf-46cj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-10T15:32:10Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-2453-mppf-46cj
fixed_packages
0
url pkg:composer/craftcms/cms@4.16.18
purl pkg:composer/craftcms/cms@4.16.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-efkn-13cf-97c3
1
vulnerability VCID-g17s-3ghd-5fhm
2
vulnerability VCID-ntx4-ssgk-jqgh
3
vulnerability VCID-s9mh-xu8b-fqgf
4
vulnerability VCID-ukq9-ggdc-byf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.16.18
1
url pkg:composer/craftcms/cms@5.8.22
purl pkg:composer/craftcms/cms@5.8.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-efkn-13cf-97c3
1
vulnerability VCID-g17s-3ghd-5fhm
2
vulnerability VCID-ntx4-ssgk-jqgh
3
vulnerability VCID-s9mh-xu8b-fqgf
4
vulnerability VCID-ukq9-ggdc-byf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.22
aliases CVE-2026-25495, GHSA-2453-mppf-46cj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uzyt-dujv-nqh6
22
url VCID-vg28-8erb-27ae
vulnerability_id VCID-vg28-8erb-27ae
summary
Craft CMS: Entries Authorship Spoofing via Mass Assignment
The entry creation process allows for **Mass Assignment** of the `authorId` attribute. A user with "Create Entries" permission can inject the `authorIds[]` (or `authorId`) parameter into the POST request, which the backend processes without verifying if the current user is authorized to assign authorship to others.

Normally, this field is not present in the request for users without the necessary permissions. By manually adding this parameter, an attacker can attribute the new entry to any user, including Admins. This effectively "spoofs" the authorship.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28781
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.16098
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28781
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/830b403870cd784b47ae42a3f5a16e7ac2d7f5a8
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T17:36:36Z/
url https://github.com/craftcms/cms/commit/830b403870cd784b47ae42a3f5a16e7ac2d7f5a8
3
reference_url https://github.com/craftcms/cms/commit/c6dcbdffaf6ab3ffe77d317336684d83699f4542
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T17:36:36Z/
url https://github.com/craftcms/cms/commit/c6dcbdffaf6ab3ffe77d317336684d83699f4542
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28781
reference_id CVE-2026-28781
reference_type
scores
0
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28781
5
reference_url https://github.com/advisories/GHSA-2xfc-g69j-x2mp
reference_id GHSA-2xfc-g69j-x2mp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2xfc-g69j-x2mp
6
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-2xfc-g69j-x2mp
reference_id GHSA-2xfc-g69j-x2mp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-04T17:36:36Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-2xfc-g69j-x2mp
fixed_packages
0
url pkg:composer/craftcms/cms@4.17.0-beta.1
purl pkg:composer/craftcms/cms@4.17.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.17.0-beta.1
1
url pkg:composer/craftcms/cms@5.9.0-beta.1
purl pkg:composer/craftcms/cms@5.9.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1
aliases CVE-2026-28781, GHSA-2xfc-g69j-x2mp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vg28-8erb-27ae
23
url VCID-vwm6-qumh-ayd2
vulnerability_id VCID-vwm6-qumh-ayd2
summary
references
0
reference_url http://craft.com
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://craft.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-37251
reference_id
reference_type
scores
0
value 0.00323
scoring_system epss
scoring_elements 0.55633
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-37251
2
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
3
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#421---2022-08-09
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#421---2022-08-09
4
reference_url https://github.com/craftcms/cms/commit/7139213dbd9e177a3528aac8e2db8de91830f118
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/7139213dbd9e177a3528aac8e2db8de91830f118
5
reference_url https://github.com/craftcms/cms/commit/919c9074ff8596bf30a629b0888c529793e9a903
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/919c9074ff8596bf30a629b0888c529793e9a903
6
reference_url https://github.com/craftcms/cms/commit/f0d9b8a1e3ac005a2418f7d3d9059b49a96e73ea
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/f0d9b8a1e3ac005a2418f7d3d9059b49a96e73ea
7
reference_url https://labs.integrity.pt/advisories/cve-2022-37251
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://labs.integrity.pt/advisories/cve-2022-37251
8
reference_url https://labs.integrity.pt/advisories/cve-2022-37251/
reference_id CVE-2022-37251
reference_type
scores
url https://labs.integrity.pt/advisories/cve-2022-37251/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-37251
reference_id CVE-2022-37251
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-37251
10
reference_url https://github.com/advisories/GHSA-mw37-wx8p-gp45
reference_id GHSA-mw37-wx8p-gp45
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mw37-wx8p-gp45
fixed_packages
0
url pkg:composer/craftcms/cms@4.2.1
purl pkg:composer/craftcms/cms@4.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.2.1
aliases CVE-2022-37251, GHSA-mw37-wx8p-gp45
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vwm6-qumh-ayd2
24
url VCID-yn3x-km7n-d3hd
vulnerability_id VCID-yn3x-km7n-d3hd
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-37248
reference_id
reference_type
scores
0
value 0.00323
scoring_system epss
scoring_elements 0.55633
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-37248
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/blob/3.7.55.1/src/helpers/Cp.php
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/3.7.55.1/src/helpers/Cp.php
3
reference_url https://github.com/craftcms/cms/blob/4.0.0-RC1/src/helpers/Cp.php
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/4.0.0-RC1/src/helpers/Cp.php
4
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#421---2022-08-09
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#421---2022-08-09
5
reference_url https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627
6
reference_url https://labs.integrity.pt/advisories/cve-2022-37248
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://labs.integrity.pt/advisories/cve-2022-37248
7
reference_url https://labs.integrity.pt/advisories/cve-2022-37248/
reference_id CVE-2022-37248
reference_type
scores
url https://labs.integrity.pt/advisories/cve-2022-37248/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-37248
reference_id CVE-2022-37248
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-37248
9
reference_url https://github.com/advisories/GHSA-wxvf-839f-jqmh
reference_id GHSA-wxvf-839f-jqmh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wxvf-839f-jqmh
fixed_packages
0
url pkg:composer/craftcms/cms@4.2.1
purl pkg:composer/craftcms/cms@4.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.2.1
aliases CVE-2022-37248, GHSA-wxvf-839f-jqmh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yn3x-km7n-d3hd
25
url VCID-z48z-h23a-5qag
vulnerability_id VCID-z48z-h23a-5qag
summary
Improper Privilege Management
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21622
reference_id
reference_type
scores
0
value 0.00103
scoring_system epss
scoring_elements 0.27786
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21622
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
3
reference_url https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/
url https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
4
reference_url https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/
url https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa
5
reference_url https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/
url https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843
6
reference_url https://github.com/craftcms/cms/pull/13931
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/
url https://github.com/craftcms/cms/pull/13931
7
reference_url https://github.com/craftcms/cms/pull/13932
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/
url https://github.com/craftcms/cms/pull/13932
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21622
reference_id CVE-2024-21622
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21622
9
reference_url https://github.com/advisories/GHSA-j5g9-j7r4-6qvx
reference_id GHSA-j5g9-j7r4-6qvx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j5g9-j7r4-6qvx
10
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx
reference_id GHSA-j5g9-j7r4-6qvx
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx
fixed_packages
0
url pkg:composer/craftcms/cms@4.5.11
purl pkg:composer/craftcms/cms@4.5.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.5.11
aliases CVE-2024-21622, GHSA-j5g9-j7r4-6qvx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z48z-h23a-5qag
26
url VCID-zh94-u2by-xkg5
vulnerability_id VCID-zh94-u2by-xkg5
summary
Craft CMS has IDOR via GraphQL @parseRefs
The GraphQL directive `@parseRefs`, intended to parse internal reference tags (e.g., `{user:1:email}`), can be abused by both authenticated users and unauthenticated guests (if a Public Schema is enabled) to access sensitive attributes of any element in the CMS. The implementation in `Elements::parseRefs` fails to perform authorization checks, allowing attackers to read data they are not authorized to view.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28696
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.0719
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28696
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/4d98a07e47580f1712095825d3e3c4d67bc9f8b9
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-04T18:00:48Z/
url https://github.com/craftcms/cms/commit/4d98a07e47580f1712095825d3e3c4d67bc9f8b9
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28696
reference_id CVE-2026-28696
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28696
4
reference_url https://github.com/advisories/GHSA-7x43-mpfg-r9wj
reference_id GHSA-7x43-mpfg-r9wj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7x43-mpfg-r9wj
5
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-7x43-mpfg-r9wj
reference_id GHSA-7x43-mpfg-r9wj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-04T18:00:48Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-7x43-mpfg-r9wj
fixed_packages
0
url pkg:composer/craftcms/cms@4.17.0-beta.1
purl pkg:composer/craftcms/cms@4.17.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.17.0-beta.1
1
url pkg:composer/craftcms/cms@5.9.0-beta.1
purl pkg:composer/craftcms/cms@5.9.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1
aliases CVE-2026-28696, GHSA-7x43-mpfg-r9wj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zh94-u2by-xkg5
27
url VCID-zybg-fqev-eber
vulnerability_id VCID-zybg-fqev-eber
summary
Craft CMS has unauthenticated activation email trigger with potential user enumeration
The `actionSendActivationEmail()` endpoint is accessible to unauthenticated users and does not require a permission check for pending users. An attacker with no prior access can trigger activation emails for any pending user account by knowing or guessing the user ID. If the attacker controls the target user’s email address, they can activate the account and gain access to the system.

The vulnerability is not that anonymous access exists - there’s a legitimate use case for it. The vulnerability is that the endpoint accepts arbitrary `userId` parameters without verifying ownership.

Craft CMS allows public user registration. When a user registers but doesn’t receive their activation email (spam filter, typo correction, etc.), they need a way to request a resend. This is why `send-activation-email` is in the `allowAnonymous` array - it’s intentional self-service functionality.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-29069
reference_id
reference_type
scores
0
value 0.00056
scoring_system epss
scoring_elements 0.1781
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-29069
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/commit/c3d02d4a7246f516933f42106c0a67ce062f68d8
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value 7.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-04T17:30:03Z/
url https://github.com/craftcms/cms/commit/c3d02d4a7246f516933f42106c0a67ce062f68d8
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-29069
reference_id CVE-2026-29069
reference_type
scores
0
value 7.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-29069
4
reference_url https://github.com/advisories/GHSA-234q-vvw3-mrfq
reference_id GHSA-234q-vvw3-mrfq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-234q-vvw3-mrfq
5
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-234q-vvw3-mrfq
reference_id GHSA-234q-vvw3-mrfq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value 7.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-04T17:30:03Z/
url https://github.com/craftcms/cms/security/advisories/GHSA-234q-vvw3-mrfq
fixed_packages
0
url pkg:composer/craftcms/cms@4.17.0-beta.2
purl pkg:composer/craftcms/cms@4.17.0-beta.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.17.0-beta.2
1
url pkg:composer/craftcms/cms@5.9.0-beta.2
purl pkg:composer/craftcms/cms@5.9.0-beta.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.2
aliases CVE-2026-29069, GHSA-234q-vvw3-mrfq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zybg-fqev-eber
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.0.0-RC1