CVE-2026-27127 Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...

CVE-2026-27127

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...

CVE-2026-27127 Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...

CVE-2026-27127 Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...

EUVD-2026-7402

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...

CVE-2026-27127

CVE-2026-27127 affects Craft CMS (versions 4.5.0-RC1–4.16.18 and 5.0.0-RC1–5.8.22). It exploits a TOCTOU DNS rebinding flaw in the GraphQL Asset mutation where DNS resolution occurs separately from the HTTP request, bypassing prior fixes for CVE-2025-68437 and allowing access to blocked IPs. Expl...

CVE-2026-27126

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...

CVE-2026-27126

Craft CMS has a stored XSS vulnerability in the editableTable.twig component when using the html column type. Affects versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22. The issue is due to inadequate sanitization of the html column input, enabling arbitrary JavaScript execution when...

CVE-2026-27126 Craft CMS has Stored XSS in Table Field via "HTML" Column Type

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...

PT-2026-21760

Name of the Vulnerable Software and Affected Versions Payload versions prior to 3.75.0 Description Payload is a free and open source headless content management system. A Server-Side Request Forgery SSRF issue exists in the external file upload functionality. Insufficient validation of HTTP...

Unity Linux 20.1060e / 20.1070e Security Update: wireshark (UTSA-2026-005365)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005365 advisory. In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that...

Craft CMS 跨站脚本漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS from 4.5.0-RC1 to 4.16.18, as well as from 5.0.0-RC1 to 5.8.22, have a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the html column type input in the...

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. There are security vulnerabilities in versions 4.5.0-RC1 to 4.16.18, and from 5.0.0-RC1 to 5.8.22 of Craft CMS. These vulnerabilities stem from a TOCTOU issue in the SSRF validation of GraphQL Assets, which could lead t...

SPIP Ultimate Auditor – Comprehensive Security Assessment Script

SPIP Ultimate Auditor is a Python-based security assessment script designed to perform a multi-phase audit against a SPIP CMS installation. The tool automates reconnaissance and misconfiguration detection tasks to identify potential security weaknesses in a target deployment...

GetSimple CMS 跨站脚本漏洞

GetSimple CMS is an open-source content management system developed by GetSimple CMS. Version 3.3.16 of GetSimple CMS has a cross-site scripting vulnerability. This vulnerability stems from improper output encoding of user inputs for the slug field in component functions. It may lead to...

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the getTokenRoute function. An attacker can bypass token usage limits by sending concurrent requests before the database update completes,...

GHSA-GP2F-7WCM-5FHX Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

Summary The SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebinding attacks, where an attacker’s DNS server returns different IP addresses for validation compared to t...

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the validateHostname function. An attacker can access internal cloud metadata endpoints and retrieve sensitive credentials by exploiting a...

Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

Summary The SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebinding attacks, where an attacker’s DNS server returns different IP addresses for validation compared to t...

CVE-2019-25439

NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...