CVE-2026-34746 in payload
Summary (English)
Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs. This issue has been patched in version 3.79.1.
Responsible
GitHub_M
Reserved
2026-03-30
Disclosure
2026-04-01
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 354763 | payloadcms payload Upload privilege escalation | 918 | Not defined | Official fix | CVE-2026-34746 |