An access control error vulnerability exists in Crafter CMS, an open source content management system (CMS) for digital experience applications, which stems from a system that does not validate groovy scripts. An attacker with administrator, developer privileges could use the groovy lib to render pages and execute arbitrary commands through this vulnerability.