CVE-2026-25574 Payload Affected by Cross-Collection IDOR in payload-preferences Access Control (Multi-Auth Environments)

Payload is a free and open source headless content management system. Prior to 3.74.0, a cross-collection Insecure Direct Object Reference IDOR vulnerability exists in the payload-preferences internal collection. In multi-auth collection environments using Postgres or SQLite with default...