15 matches found
CVE-2026-27129
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses gethostbyname, which only resolves IPv4 addresses. When a hostname has only AAAA IPv6 records, the function returns the...
CVE-2026-27127
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...
CVE-2026-27127
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...
CVE-2026-27129
CVE-2026-27129 affects Craft CMS, where the SSRF protection in the GraphQL Asset mutation (versions 4.5.0-RC1–4.16.18 and 5.0.0-RC1–5.8.22) is bypassed due to using gethostbyname(), which only resolves IPv4. If a host has only IPv6 (AAAA) records, the function returns the hostname, causing blockl...
CVE-2026-27129
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses gethostbyname, which only resolves IPv4 addresses. When a hostname has only AAAA IPv6 records, the function returns the...
CVE-2026-27127
CVE-2026-27127 affects Craft CMS (versions 4.5.0-RC1–4.16.18 and 5.0.0-RC1–5.8.22). It exploits a TOCTOU DNS rebinding flaw in the GraphQL Asset mutation where DNS resolution occurs separately from the HTTP request, bypassing prior fixes for CVE-2025-68437 and allowing access to blocked IPs. Expl...
CVE-2026-27127 Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...
CVE-2026-27127 Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...
CVE-2026-27127 Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...
CVE-2026-27127
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...
Craft CMS 代码问题漏洞
Craft CMS is an open-source content management system developed by Craft CMS. There are code vulnerabilities in versions 4.5.0-RC1 to 4.16.18, and from 5.0.0-RC1 to 5.8.22 of Craft CMS. These vulnerabilities stem from a GraphQL Asset mutation where the SSRF validation only parses IPv4 addresses,...
GHSA-GP2F-7WCM-5FHX Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding
Summary The SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebinding attacks, where an attacker’s DNS server returns different IP addresses for validation compared to t...
Craft CMS: GraphQL Asset Mutation Privilege Escalation
There is a Privilege Escalation vulnerability in Craft CMS’s GraphQL API that allows an authenticated user with write access to one asset volume to escalate their privileges and modify/transfer assets belonging to any other volume, including restricted or private volumes to which they should not...
CVE-2026-25497
CVE-2026-25497 : Privilege escalation in Craft CMS GraphQL API affecting versions 4.0.0-RC1 through before 4.17.0-beta.1 and 5.9.0-beta.1. An authenticated user with write access to one asset volume can escalate privileges and modify/transfer assets across volumes, including private or restricted...
CVE-2026-25494 Craft has a SSRF in GraphQL Asset Mutation via Alternative IP Notation
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filtervar..., FILTERVALIDATEIP to block a specific list of IP addresses. However, alternative IP notations hexadecimal, mixed are not...