Lucene search
K

4 matches found

Anthropic
Anthropic
added 2026/03/29 8:43 p.m.18 views

ANT-2026-ZQ8AY22X · CraftCMS · privilege-escalation

privilege-escalation high GHSA-cc7p-2j3x-x7xf Severity Claude high · Security research firm - · Maintainer high Discovered by Claude Mythos Preview REPORT The report below was sent to the maintainer and sealed at approval. ANT-2026-ZQ8AY22X: Privilege Escalation/Bypass through...

6AI score
Exploits0
Veracode
Veracode
added 2026/03/21 5:22 a.m.11 views

Incorrect Authorization

Craft CMS is vulnerable to Incorrect Authorization. The vulnerability is due to improper authorization checks in the UsersController-actionImpersonateWithToken functionality, which allows an attacker to abuse shared or low-privileged access to gain administrative privileges...

9.8CVSS5.9AI score0.0773EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/16 7:4 p.m.3 views

CVE-2026-32267 Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken()

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-RC1 to before version 5.9.12, a low-privilege user or an unauthenticated user who has been sent a shared URL can escalate their privileges to admin by abusing...

7.7CVSS5.7AI score0.0773EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/16 7:4 p.m.35 views

CVE-2026-32267 Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken()

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-RC1 to before version 5.9.12, a low-privilege user or an unauthenticated user who has been sent a shared URL can escalate their privileges to admin by abusing...

7.7CVSS0.0773EPSS
Exploits1References2
Rows per page
Query Builder