CVE-2026-41129 in Craftthông tin

Tóm tắt

Bởi MITRE • 22/04/2026

Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a few permissions to be enabled in the used GraphQL schema: "Edit assets in the volume" and "Create assets in the volume." Versions 4.17.9 and 5.9.15 patch the issue.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

GitHub M

Đặt trước

17/04/2026

Tiết lộ

22/04/2026

Kiểm duyệt

được chấp nhận

mục

VDB-358627

CPE

sẵn sàng

CWE

CWE-918 (Đã xác nhận)

CVSS

4.7 (VulDB)

EPSS

0.00042

KEV

không

Các hoạt động

rất thấp

ngành

Hostingprovider, Agriculture, ...

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-41129
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-41129
CVE Details	https://www.cvedetails.com/cve/CVE-2026-41129/

◂ Trước Tổng Quan Tiếp theo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!