Lookup of vulnerable packages by Package URL.

Purl pkg:npm/payload@0.9.0
Type npm
Namespace
Name payload
Version 0.9.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.79.1
Latest_non_vulnerable_version 3.79.1
Affected_by_vulnerabilities
0
url VCID-2fz7-mz94-qkar
vulnerability_id VCID-2fz7-mz94-qkar
summary
Payload has Authenticated SSRF via Upload Functionality
### Impact

An authenticated Server-Side Request Forgery (SSRF) vulnerability existed in the upload functionality.

Authenticated users with `create` or `update` access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs.

Consumers are affected if ALL of these are true:

- Payload version **< v3.79.1**
- At least one collection with `upload` enabled
- An authenticated user has `create` or `update` access to that collection

### Patches

This vulnerability has been patched in **v3.79.1**. Users should upgrade to **v3.79.1** or later.

### Workarounds

Until consumers can upgrade:

- Restrict `create` and `update` access to upload-enabled collections to trusted roles only.
- Limit outbound network access from your Payload server where possible.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34746
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03115
published_at 2026-06-07T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03159
published_at 2026-06-05T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03168
published_at 2026-06-06T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.0445
published_at 2026-06-09T12:55:00Z
4
value 0.00017
scoring_system epss
scoring_elements 0.04428
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34746
1
reference_url https://github.com/payloadcms/payload
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/payloadcms/payload
2
reference_url https://github.com/payloadcms/payload/releases/tag/v3.79.1
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:10:39Z/
url https://github.com/payloadcms/payload/releases/tag/v3.79.1
3
reference_url https://github.com/payloadcms/payload/security/advisories/GHSA-6r7f-q7f5-wpx8
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:10:39Z/
url https://github.com/payloadcms/payload/security/advisories/GHSA-6r7f-q7f5-wpx8
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34746
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34746
5
reference_url https://github.com/advisories/GHSA-6r7f-q7f5-wpx8
reference_id GHSA-6r7f-q7f5-wpx8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6r7f-q7f5-wpx8
fixed_packages
0
url pkg:npm/payload@3.79.1
purl pkg:npm/payload@3.79.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/payload@3.79.1
aliases CVE-2026-34746, GHSA-6r7f-q7f5-wpx8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fz7-mz94-qkar
1
url VCID-561q-1w64-yyhf
vulnerability_id VCID-561q-1w64-yyhf
summary
Payload's SQLite adapter Session Fixation vulnerability
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT), and then delete the account, which did not invalidate the JWT. As a result, the next newly created user would receive the same identifier, allowing the attacker to reuse the JWT to authenticate and perform actions as that user.

This issue has been fixed in version 3.44.0 of Payload.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-4644
reference_id
reference_type
scores
0
value 0.00088
scoring_system epss
scoring_elements 0.25313
published_at 2026-06-05T12:55:00Z
1
value 0.00088
scoring_system epss
scoring_elements 0.25197
published_at 2026-06-09T12:55:00Z
2
value 0.00088
scoring_system epss
scoring_elements 0.2519
published_at 2026-06-08T12:55:00Z
3
value 0.00088
scoring_system epss
scoring_elements 0.25247
published_at 2026-06-07T12:55:00Z
4
value 0.00088
scoring_system epss
scoring_elements 0.25297
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-4644
1
reference_url https://github.com/payloadcms/payload
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-29T11:53:19Z/
url https://github.com/payloadcms/payload
2
reference_url https://github.com/payloadcms/payload/commit/26d709dda6e512ce347557eaa2057db6e0cbf809
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/payloadcms/payload/commit/26d709dda6e512ce347557eaa2057db6e0cbf809
3
reference_url https://cert.pl/en/posts/2025/08/CVE-2025-4643
reference_id CVE-2025-4643
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-29T11:53:19Z/
url https://cert.pl/en/posts/2025/08/CVE-2025-4643
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-4644
reference_id CVE-2025-4644
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-4644
5
reference_url https://github.com/advisories/GHSA-26rv-h2hf-3fw4
reference_id GHSA-26rv-h2hf-3fw4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-26rv-h2hf-3fw4
6
reference_url https://payloadcms.com
reference_id payloadcms.com
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-29T11:53:19Z/
url https://payloadcms.com
fixed_packages
0
url pkg:npm/payload@3.44.0
purl pkg:npm/payload@3.44.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fz7-mz94-qkar
1
vulnerability VCID-a9vc-kmey-1qgc
2
vulnerability VCID-meh9-e5ng-bkg3
3
vulnerability VCID-n3wh-68vm-zfdq
4
vulnerability VCID-ucq6-796w-37hg
5
vulnerability VCID-yrej-ge5q-y3ah
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/payload@3.44.0
aliases CVE-2025-4644, GHSA-26rv-h2hf-3fw4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-561q-1w64-yyhf
2
url VCID-6mva-hk2u-h3bm
vulnerability_id VCID-6mva-hk2u-h3bm
summary
Unrestricted Upload of File with Dangerous Type
An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-27952
reference_id
reference_type
scores
0
value 0.01003
scoring_system epss
scoring_elements 0.7741
published_at 2026-06-09T12:55:00Z
1
value 0.01003
scoring_system epss
scoring_elements 0.7737
published_at 2026-06-04T12:55:00Z
2
value 0.01003
scoring_system epss
scoring_elements 0.77398
published_at 2026-06-07T12:55:00Z
3
value 0.01003
scoring_system epss
scoring_elements 0.77408
published_at 2026-06-06T12:55:00Z
4
value 0.01003
scoring_system epss
scoring_elements 0.77389
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-27952
1
reference_url https://github.com/payloadcms/payload
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/payloadcms/payload
2
reference_url https://www.youtube.com/watch?v=6CfhAxA3xdQ
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.youtube.com/watch?v=6CfhAxA3xdQ
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-27952
reference_id CVE-2022-27952
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-27952
4
reference_url https://github.com/advisories/GHSA-w8xh-93qh-35vw
reference_id GHSA-w8xh-93qh-35vw
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w8xh-93qh-35vw
fixed_packages
0
url pkg:npm/payload@0.15.1
purl pkg:npm/payload@0.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fz7-mz94-qkar
1
vulnerability VCID-561q-1w64-yyhf
2
vulnerability VCID-a9vc-kmey-1qgc
3
vulnerability VCID-meh9-e5ng-bkg3
4
vulnerability VCID-n3wh-68vm-zfdq
5
vulnerability VCID-q78h-gaub-5bc2
6
vulnerability VCID-qk7y-bukt-wffj
7
vulnerability VCID-ucq6-796w-37hg
8
vulnerability VCID-yrej-ge5q-y3ah
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/payload@0.15.1
aliases CVE-2022-27952, GHSA-w8xh-93qh-35vw
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6mva-hk2u-h3bm
3
url VCID-a9vc-kmey-1qgc
vulnerability_id VCID-a9vc-kmey-1qgc
summary
payload-preferences has Cross-Collection IDOR in Access Control (Multi-Auth Environments)
A cross-collection Insecure Direct Object Reference (IDOR) vulnerability exists in the `payload-preferences` internal collection. In multi-auth collection environments using Postgres or SQLite with default serial/auto-increment IDs, authenticated users from one auth collection can read and delete preferences belonging to users in different auth collections when their numeric IDs collide.

**Users are affected if ALL of these are true:**

- Multiple auth collections configured (e.g., `admins` + `customers`)
- Postgres or SQLite database adapter with serial/auto-increment IDs
- Users in different auth collections with the same numeric ID

**Not affected:**

- `@payloadcms/db-mongodb` adapter
- Single auth collection environments
- Postgres/SQLite with `idType: 'uuid'`
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25574
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02261
published_at 2026-06-07T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02293
published_at 2026-06-06T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02287
published_at 2026-06-05T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.02898
published_at 2026-06-09T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.02934
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25574
1
reference_url https://github.com/payloadcms/payload
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/payloadcms/payload
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25574
reference_id CVE-2026-25574
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25574
3
reference_url https://github.com/advisories/GHSA-jq29-r496-r955
reference_id GHSA-jq29-r496-r955
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jq29-r496-r955
4
reference_url https://github.com/payloadcms/payload/security/advisories/GHSA-jq29-r496-r955
reference_id GHSA-jq29-r496-r955
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:19:22Z/
url https://github.com/payloadcms/payload/security/advisories/GHSA-jq29-r496-r955
fixed_packages
0
url pkg:npm/payload@3.74.0
purl pkg:npm/payload@3.74.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fz7-mz94-qkar
1
vulnerability VCID-meh9-e5ng-bkg3
2
vulnerability VCID-n3wh-68vm-zfdq
3
vulnerability VCID-ucq6-796w-37hg
4
vulnerability VCID-yrej-ge5q-y3ah
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/payload@3.74.0
aliases CVE-2026-25574, GHSA-jq29-r496-r955
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a9vc-kmey-1qgc
4
url VCID-meh9-e5ng-bkg3
vulnerability_id VCID-meh9-e5ng-bkg3
summary
Payload: Server-Side Request Forgery (SSRF) in External File URL Uploads
A Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an authenticated attacker to access internal network resources.

**Users are affected if ALL of these are true**:

- Payload version < v3.75.0
- At least one collection with `upload` enabled
- A user has `create` access to that upload-enabled collection

An authenticated user with upload collection write permissions could potentially access internal services. Response content from internal services could be retrieved through the application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27567
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01492
published_at 2026-06-07T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01482
published_at 2026-06-09T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01484
published_at 2026-06-08T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01489
published_at 2026-06-06T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01481
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27567
1
reference_url https://github.com/payloadcms/payload
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/payloadcms/payload
2
reference_url https://github.com/payloadcms/payload/commit/1041bb6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T19:03:18Z/
url https://github.com/payloadcms/payload/commit/1041bb6
3
reference_url https://github.com/payloadcms/payload/releases/tag/v3.75.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T19:03:18Z/
url https://github.com/payloadcms/payload/releases/tag/v3.75.0
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27567
reference_id CVE-2026-27567
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27567
5
reference_url https://github.com/advisories/GHSA-hhfx-5x8j-f5f6
reference_id GHSA-hhfx-5x8j-f5f6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hhfx-5x8j-f5f6
6
reference_url https://github.com/payloadcms/payload/security/advisories/GHSA-hhfx-5x8j-f5f6
reference_id GHSA-hhfx-5x8j-f5f6
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T19:03:18Z/
url https://github.com/payloadcms/payload/security/advisories/GHSA-hhfx-5x8j-f5f6
fixed_packages
0
url pkg:npm/payload@3.75.0
purl pkg:npm/payload@3.75.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fz7-mz94-qkar
1
vulnerability VCID-n3wh-68vm-zfdq
2
vulnerability VCID-ucq6-796w-37hg
3
vulnerability VCID-yrej-ge5q-y3ah
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/payload@3.75.0
aliases CVE-2026-27567, GHSA-hhfx-5x8j-f5f6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-meh9-e5ng-bkg3
5
url VCID-n3wh-68vm-zfdq
vulnerability_id VCID-n3wh-68vm-zfdq
summary
Payload has a CSRF Protection Bypass in Authentication Flow
### Impact

A Cross-Site Request Forgery (CSRF) vulnerability existed in the authentication flow. Under certain conditions, the configured CSRF protection could be bypassed, allowing cross-site requests to be made.

Consumers are affected if ALL of these are true:

- Payload version **< v3.79.1**
- `serverURL` is configured

### Patches

This vulnerability has been patched in **v3.79.1**. Additional validation has been added to the authentication flow.

Consumers should upgrade to **v3.79.1** or later.

### Workarounds

There is no complete workaround without upgrading.

If consumers cannot upgrade immediately, setting `cookies.sameSite` to `'Strict'` will prevent the session cookie from being sent cross-site. However, this will also require users to re-authenticate when navigating to the application from external links (e.g. email, other sites).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34749
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01596
published_at 2026-06-06T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01597
published_at 2026-06-07T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.0159
published_at 2026-06-05T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02293
published_at 2026-06-09T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02334
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34749
1
reference_url https://github.com/payloadcms/payload
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/payloadcms/payload
2
reference_url https://github.com/payloadcms/payload/releases/tag/v3.79.1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:11:02Z/
url https://github.com/payloadcms/payload/releases/tag/v3.79.1
3
reference_url https://github.com/payloadcms/payload/security/advisories/GHSA-p6mr-xf3r-ghq4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T14:11:02Z/
url https://github.com/payloadcms/payload/security/advisories/GHSA-p6mr-xf3r-ghq4
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34749
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34749
5
reference_url https://github.com/advisories/GHSA-p6mr-xf3r-ghq4
reference_id GHSA-p6mr-xf3r-ghq4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p6mr-xf3r-ghq4
fixed_packages
0
url pkg:npm/payload@3.79.1
purl pkg:npm/payload@3.79.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/payload@3.79.1
aliases CVE-2026-34749, GHSA-p6mr-xf3r-ghq4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n3wh-68vm-zfdq
6
url VCID-q78h-gaub-5bc2
vulnerability_id VCID-q78h-gaub-5bc2
summary
Exposure of Sensitive Information to an Unauthorized Actor
Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a workaround, write a `beforeOperation` hook to remove `where` queries that attempt to access hidden field data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30843
reference_id
reference_type
scores
0
value 0.00426
scoring_system epss
scoring_elements 0.62651
published_at 2026-06-05T12:55:00Z
1
value 0.00426
scoring_system epss
scoring_elements 0.62636
published_at 2026-06-08T12:55:00Z
2
value 0.00426
scoring_system epss
scoring_elements 0.6265
published_at 2026-06-09T12:55:00Z
3
value 0.00426
scoring_system epss
scoring_elements 0.6266
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30843
1
reference_url https://github.com/payloadcms/payload
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/payloadcms/payload
2
reference_url https://github.com/payloadcms/payload/releases/tag/v1.7.0
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T16:45:52Z/
url https://github.com/payloadcms/payload/releases/tag/v1.7.0
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30843
reference_id CVE-2023-30843
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30843
4
reference_url https://github.com/advisories/GHSA-35jj-vqcf-f2jf
reference_id GHSA-35jj-vqcf-f2jf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-35jj-vqcf-f2jf
5
reference_url https://github.com/payloadcms/payload/security/advisories/GHSA-35jj-vqcf-f2jf
reference_id GHSA-35jj-vqcf-f2jf
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T16:45:52Z/
url https://github.com/payloadcms/payload/security/advisories/GHSA-35jj-vqcf-f2jf
fixed_packages
0
url pkg:npm/payload@1.7.0
purl pkg:npm/payload@1.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fz7-mz94-qkar
1
vulnerability VCID-561q-1w64-yyhf
2
vulnerability VCID-a9vc-kmey-1qgc
3
vulnerability VCID-meh9-e5ng-bkg3
4
vulnerability VCID-n3wh-68vm-zfdq
5
vulnerability VCID-qk7y-bukt-wffj
6
vulnerability VCID-ucq6-796w-37hg
7
vulnerability VCID-yrej-ge5q-y3ah
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/payload@1.7.0
aliases CVE-2023-30843, GHSA-35jj-vqcf-f2jf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q78h-gaub-5bc2
7
url VCID-qk7y-bukt-wffj
vulnerability_id VCID-qk7y-bukt-wffj
summary
Payload does not invalidate JWTs after log out
Payload uses JSON Web Tokens (JWT) for authentication. After logout, the JWT is not invalidated, which allows an attacker who has stolen or intercepted a token to freely reuse it until its expiration date (which is by default set to 2 hours, but can be changed).

This issue has been fixed in version 3.44.0 of Payload.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-4643
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.18868
published_at 2026-06-09T12:55:00Z
1
value 0.0006
scoring_system epss
scoring_elements 0.18847
published_at 2026-06-08T12:55:00Z
2
value 0.0006
scoring_system epss
scoring_elements 0.18921
published_at 2026-06-07T12:55:00Z
3
value 0.0006
scoring_system epss
scoring_elements 0.1896
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-4643
1
reference_url https://github.com/payloadcms/payload
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-29T11:54:20Z/
url https://github.com/payloadcms/payload
2
reference_url https://github.com/payloadcms/payload/commit/26d709dda6e512ce347557eaa2057db6e0cbf809
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/payloadcms/payload/commit/26d709dda6e512ce347557eaa2057db6e0cbf809
3
reference_url https://cert.pl/en/posts/2025/08/CVE-2025-4643
reference_id CVE-2025-4643
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-29T11:54:20Z/
url https://cert.pl/en/posts/2025/08/CVE-2025-4643
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-4643
reference_id CVE-2025-4643
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-4643
5
reference_url https://github.com/advisories/GHSA-5v66-m237-hwf7
reference_id GHSA-5v66-m237-hwf7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5v66-m237-hwf7
6
reference_url https://payloadcms.com
reference_id payloadcms.com
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-29T11:54:20Z/
url https://payloadcms.com
fixed_packages
0
url pkg:npm/payload@3.44.0
purl pkg:npm/payload@3.44.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fz7-mz94-qkar
1
vulnerability VCID-a9vc-kmey-1qgc
2
vulnerability VCID-meh9-e5ng-bkg3
3
vulnerability VCID-n3wh-68vm-zfdq
4
vulnerability VCID-ucq6-796w-37hg
5
vulnerability VCID-yrej-ge5q-y3ah
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/payload@3.44.0
aliases CVE-2025-4643, GHSA-5v66-m237-hwf7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qk7y-bukt-wffj
8
url VCID-ucq6-796w-37hg
vulnerability_id VCID-ucq6-796w-37hg
summary
Payload has an SQL Injection via Query Handling
### Impact

Certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections.

### Patches

This issue has been fixed in **v3.79.1** and later. Query input validation has been hardened.

Upgrade to **v3.79.1 or later**.

### Workarounds

Until developers can upgrade:

- Limit access to endpoints that accept dynamic query inputs to trusted users only.
- Validate or sanitize input from untrusted clients before sending it to query endpoints.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34747
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08189
published_at 2026-06-06T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.08172
published_at 2026-06-07T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.08173
published_at 2026-06-05T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.09553
published_at 2026-06-09T12:55:00Z
4
value 0.00032
scoring_system epss
scoring_elements 0.09524
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34747
1
reference_url https://github.com/payloadcms/payload
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/payloadcms/payload
2
reference_url https://github.com/payloadcms/payload/releases/tag/v3.79.1
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:07:03Z/
url https://github.com/payloadcms/payload/releases/tag/v3.79.1
3
reference_url https://github.com/payloadcms/payload/security/advisories/GHSA-7xxh-373w-35vg
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:07:03Z/
url https://github.com/payloadcms/payload/security/advisories/GHSA-7xxh-373w-35vg
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34747
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34747
5
reference_url https://github.com/advisories/GHSA-7xxh-373w-35vg
reference_id GHSA-7xxh-373w-35vg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7xxh-373w-35vg
fixed_packages
0
url pkg:npm/payload@3.79.1
purl pkg:npm/payload@3.79.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/payload@3.79.1
aliases CVE-2026-34747, GHSA-7xxh-373w-35vg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ucq6-796w-37hg
9
url VCID-yrej-ge5q-y3ah
vulnerability_id VCID-yrej-ge5q-y3ah
summary
Payload: Pre-Authentication Account Takeover via Parameter Injection in Password Recovery
### Impact

A vulnerability in the password recovery flow could allow an unauthenticated attacker to perform actions on behalf of a user who initiates a password reset.

Users are affected if:

- They are using Payload version **< v3.79.1** with any auth-enabled collection using the built-in `forgot-password` functionality.

### Patches

Input validation and URL construction in the password recovery flow have been hardened.

Users should upgrade to **v3.79.1** or later.

### Workarounds

There are no complete workarounds. Upgrading to **v3.79.1** is recommended.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34751
reference_id
reference_type
scores
0
value 0.00099
scoring_system epss
scoring_elements 0.27103
published_at 2026-06-06T12:55:00Z
1
value 0.00099
scoring_system epss
scoring_elements 0.27063
published_at 2026-06-07T12:55:00Z
2
value 0.00099
scoring_system epss
scoring_elements 0.27111
published_at 2026-06-05T12:55:00Z
3
value 0.00103
scoring_system epss
scoring_elements 0.2772
published_at 2026-06-09T12:55:00Z
4
value 0.00103
scoring_system epss
scoring_elements 0.27713
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34751
1
reference_url https://github.com/payloadcms/payload
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/payloadcms/payload
2
reference_url https://github.com/payloadcms/payload/releases/tag/v3.79.1
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-04T03:06:01Z/
url https://github.com/payloadcms/payload/releases/tag/v3.79.1
3
reference_url https://github.com/payloadcms/payload/security/advisories/GHSA-hp5w-3hxx-vmwf
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-04T03:06:01Z/
url https://github.com/payloadcms/payload/security/advisories/GHSA-hp5w-3hxx-vmwf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34751
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34751
5
reference_url https://github.com/advisories/GHSA-hp5w-3hxx-vmwf
reference_id GHSA-hp5w-3hxx-vmwf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hp5w-3hxx-vmwf
fixed_packages
0
url pkg:npm/payload@3.79.1
purl pkg:npm/payload@3.79.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/payload@3.79.1
aliases CVE-2026-34751, GHSA-hp5w-3hxx-vmwf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yrej-ge5q-y3ah
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/payload@0.9.0