Crafter CMS is an open source content management system (CMS) for digital experience applications.An expression injection vulnerability exists in Crafter CMS, which stems from the failure of a network system or product to properly filter special elements in code segments constructed from external input data. An attacker with the Administrator or Developer role could exploit this vulnerability to remotely execute arbitrary commands (RCE).