6 matches found
GHSA-P6MR-XF3R-GHQ4 Payload has a CSRF Protection Bypass in Authentication Flow
Impact A Cross-Site Request Forgery CSRF vulnerability existed in the authentication flow. Under certain conditions, the configured CSRF protection could be bypassed, allowing cross-site requests to be made. Consumers are affected if ALL of these are true: - Payload version v3.79.1 - serverURL is...
Payload has Authenticated SSRF via Upload Functionality
Impact An authenticated Server-Side Request Forgery SSRF vulnerability existed in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs. Consumers are affected if ALL of...
GHSA-6R7F-Q7F5-WPX8 Payload has Authenticated SSRF via Upload Functionality
Impact An authenticated Server-Side Request Forgery SSRF vulnerability existed in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs. Consumers are affected if ALL of...
@01.software/sdk (>=0.0.1-251008.90016 <=0.1.4), @adenta/cms (>=0.0.6 <=1.1.1-0) +32 more potentially affected by CVE-2026-27567 via payload (>=3.0.0-alpha.46 <=3.75.0-internal.8e0f8ba)
payload NPM version =3.0.0-alpha.46, =0.0.1-251008.90016, =0.0.6, =0.0.3, =1.0.1-beta.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =3.64.0, =0.0.1-beta.0, =0.2.0, =0.2.14 - @remy90/payload-conditions-plugin =0.2.2 and more Source cves: CVE-2026-27567 Source advisory: SNYK:JS-PAYLOAD-15344407...
CVE-2026-27567
Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery SSRF vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an...
CVE-2025-4643 Lack of JWT Expiration after Log Out in PayloadCMS
Payload uses JSON Web Tokens JWT for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date which is by default set to 2 hours, but can be changed. This issue has been fixed in version 3.44.0 of...