Lucene search
K

6 matches found

NVD
NVD
added 2026/06/21 2:16 p.m.11 views

CVE-2026-56394

Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to existing SVG files,...

7.1CVSS0.00336EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/21 1:27 p.m.34 views

CVE-2026-56394 Craft CMS - Authenticated Path Traversal in assets/icon Extension Parameter

Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to existing SVG files,...

7.1CVSS0.00336EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:27 p.m.5 views

CVE-2026-56394

Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to existing SVG files,...

7.1CVSS5.9AI score0.00336EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/21 1:27 p.m.8 views

EUVD-2026-38160

Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to existing SVG files,...

7.1CVSS5.9AI score0.00336EPSS
Exploits0References3
CVE
CVE
added 2026/06/21 1:27 p.m.29 views

CVE-2026-56394

Craft CMS 4.0.0-RC1 contains an authenticated path traversal in the assets/icon endpoint. The extension parameter is not validated before file-existence checks, allowing traversal sequences to resolve to existing SVG files and enabling local file read access. Root cause is improper validation of ...

7.1CVSS5.9AI score0.00336EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.16 views

PT-2026-51235

Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 and later Description An authenticated path traversal flaw exists in the 'assets/icon' endpoint. The issue occurs because the extension parameter is not validated before the system performs file existence checks. A...

7.1CVSS5.8AI score0.00336EPSS
Exploits0References11
Rows per page
Query Builder