4 matches found
CVE-2026-14794
A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...
CVE-2026-14794 Craft CMS Charts Endpoint ChartsController.php actionGetNewUsersData improper authorization
A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...
EUVD-2026-41805
A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...
CVE-2026-14794
Craft CMS vulnerability CVE-2026-14794 affects the Charts Endpoint (ChartsController.php, actionGetNewUsersData). The issue arises from input manipulation of userGroupId causing improper authorization, enabling a remote attack. Affected versions are Craft CMS up to 4.18.0.1; a fix is available in...