4 matches found
ANT-2026-ZQ8AY22X · CraftCMS · privilege-escalation
privilege-escalation high GHSA-cc7p-2j3x-x7xf Severity Claude high · Security research firm - · Maintainer high Discovered by Claude Mythos Preview REPORT The report below was sent to the maintainer and sealed at approval. ANT-2026-ZQ8AY22X: Privilege Escalation/Bypass through...
Incorrect Authorization
Craft CMS is vulnerable to Incorrect Authorization. The vulnerability is due to improper authorization checks in the UsersController-actionImpersonateWithToken functionality, which allows an attacker to abuse shared or low-privileged access to gain administrative privileges...
CVE-2026-32267 Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken()
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-RC1 to before version 5.9.12, a low-privilege user or an unauthenticated user who has been sent a shared URL can escalate their privileges to admin by abusing...
CVE-2026-32267 Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken()
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-RC1 to before version 5.9.12, a low-privilege user or an unauthenticated user who has been sent a shared URL can escalate their privileges to admin by abusing...