CVE-2026-31858
CraftCMS is affected by a blind SQL injection in ElementSearchController::actionSearch(), where unset() protection added to ElementIndexesController in CVE-2026-25495 was not applied. This allows any authenticated control panel user to inject arbitrary SQL via criteria[where], criteria[orderBy], ...