CVE-2026-41129 in Craftinformação

Sumário

de MITRE • 22/04/2026

Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a few permissions to be enabled in the used GraphQL schema: "Edit assets in the volume" and "Create assets in the volume." Versions 4.17.9 and 5.9.15 patch the issue.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

GitHub M

Reservar

17/04/2026

Divulgação

22/04/2026

Moderação

aceite

Entrada

VDB-358627

CPE

pronto

CWE

CWE-918 (confirmado)

CVSS

4.7 (VulDB)

EPSS

0.00042

KEV

não

Atividades

muito baixo

Sector

Agriculture, Hostingprovider, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-41129
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-41129
CVE Details	https://www.cvedetails.com/cve/CVE-2026-41129/

◂ Voltar Visão Geral Próximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!