3 matches found
CVE-2026-28695
Craft is a content management system CMS. There is an authenticated admin RCE in Craft CMS 5.8.21 via Server-Side Template Injection using the create Twig function combined with a Symfony Process gadget chain. The create Twig function exposes Craft::createObject, which allows instantiation of...
CVE-2026-28695
Craft is a content management system CMS. There is an authenticated admin RCE in Craft CMS 5.8.21 via Server-Side Template Injection using the create Twig function combined with a Symfony Process gadget chain. The create Twig function exposes Craft::createObject, which allows instantiation of...
CVE-2026-28695
creationtimestamp| type| source ---|---|--- 2026-03-02 23:04:57+00:00| published-proof-of-concept| https://github.com/craftcms/cms/security/advisories/GHSA-94rc-cqvm-m4pw...