2 matches found
CVE-2026-27886
CVE-2026-27886 affects Strapi (open source headless CMS). Versions prior to 5.37.0 (from 4.0.0 onward) fail to sufficiently sanitize query parameters when filtering via relational fields. An unauthenticated attacker can use the public Content API’s where parameter on fields like updatedBy to perf...
Improper Neutralization of Special Elements in Data Query Logic
Overview @strapi/strapi is an updated version of the old 'strapi', which is a free and open-source headless CMS delivering your content anywhere you need. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the query parameter...