Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-8wt9-cu32-qugd
Vulnerability ID VCID-8wt9-cu32-qugd
Aliases CVE-2022-26969
GHSA-g27j-74fp-xfpr
GMS-2022-677
Summary Duplicate This advisory duplicates another.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-942 Permissive Cross-domain Policy with Untrusted Domains
System Score Found at
epss 0.00909 https://api.first.org/data/v1/epss?cve=CVE-2022-26969
epss 0.00909 https://api.first.org/data/v1/epss?cve=CVE-2022-26969
cvssv3.1 9.8 https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
generic_textual CRITICAL https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
ssvc Track https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-g27j-74fp-xfpr
cvssv3.1 9.8 https://github.com/directus/directus
generic_textual CRITICAL https://github.com/directus/directus
cvssv3.1 9.8 https://github.com/directus/directus/blob/8daed9c41baeaf1d08c1e292bf9f0dcef65e48fb/docs/configuration/config-options.md
generic_textual CRITICAL https://github.com/directus/directus/blob/8daed9c41baeaf1d08c1e292bf9f0dcef65e48fb/docs/configuration/config-options.md
ssvc Track https://github.com/directus/directus/blob/8daed9c41baeaf1d08c1e292bf9f0dcef65e48fb/docs/configuration/config-options.md
cvssv3.1 9.8 https://github.com/directus/directus/pull/12022
generic_textual CRITICAL https://github.com/directus/directus/pull/12022
ssvc Track https://github.com/directus/directus/pull/12022
cvssv3.1 9.8 https://github.com/directus/directus/releases/tag/v9.7.0
generic_textual CRITICAL https://github.com/directus/directus/releases/tag/v9.7.0
ssvc Track https://github.com/directus/directus/releases/tag/v9.7.0
cvssv3.1 9.8 https://github.com/directus/directus/security/advisories/GHSA-g27j-74fp-xfpr
cvssv3.1_qr CRITICAL https://github.com/directus/directus/security/advisories/GHSA-g27j-74fp-xfpr
generic_textual CRITICAL https://github.com/directus/directus/security/advisories/GHSA-g27j-74fp-xfpr
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26969
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2022-26969
cvssv3.1 9.8 https://security.snyk.io/vuln/SNYK-JS-DIRECTUS-2441822
generic_textual CRITICAL https://security.snyk.io/vuln/SNYK-JS-DIRECTUS-2441822
ssvc Track https://security.snyk.io/vuln/SNYK-JS-DIRECTUS-2441822
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-26969
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
https://github.com/directus/directus
https://github.com/directus/directus/blob/8daed9c41baeaf1d08c1e292bf9f0dcef65e48fb/docs/configuration/config-options.md
https://github.com/directus/directus/pull/12022
https://github.com/directus/directus/releases/tag/v9.7.0
https://security.snyk.io/vuln/SNYK-JS-DIRECTUS-2441822
CVE-2022-26969 https://nvd.nist.gov/vuln/detail/CVE-2022-26969
GHSA-g27j-74fp-xfpr https://github.com/advisories/GHSA-g27j-74fp-xfpr
GHSA-g27j-74fp-xfpr https://github.com/directus/directus/security/advisories/GHSA-g27j-74fp-xfpr
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-14T14:53:09Z/ Found at https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/directus/directus
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/directus/directus/blob/8daed9c41baeaf1d08c1e292bf9f0dcef65e48fb/docs/configuration/config-options.md
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-14T14:53:09Z/ Found at https://github.com/directus/directus/blob/8daed9c41baeaf1d08c1e292bf9f0dcef65e48fb/docs/configuration/config-options.md
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/directus/directus/pull/12022
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-14T14:53:09Z/ Found at https://github.com/directus/directus/pull/12022
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/directus/directus/releases/tag/v9.7.0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-14T14:53:09Z/ Found at https://github.com/directus/directus/releases/tag/v9.7.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/directus/directus/security/advisories/GHSA-g27j-74fp-xfpr
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-26969
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.snyk.io/vuln/SNYK-JS-DIRECTUS-2441822
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-14T14:53:09Z/ Found at https://security.snyk.io/vuln/SNYK-JS-DIRECTUS-2441822
Exploit Prediction Scoring System (EPSS)
Percentile 0.76188
EPSS Score 0.00909
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:41:58.904115+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/directus/GMS-2022-677.yml 38.6.0