Lucene search
K

4 matches found

NVD
NVD
added 2026/06/21 2:16 p.m.11 views

CVE-2026-56384

Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview...

5.3CVSS0.00193EPSS
Exploits0References3
CVE
CVE
added 2026/06/21 1:27 p.m.22 views

CVE-2026-56384

Craft CMS has a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview link for that...

5.3CVSS5.9AI score0.00193EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/21 1:27 p.m.36 views

CVE-2026-56384 Craft CMS - Missing Authorization in assets/preview-thumb Endpoint

Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview...

5.3CVSS0.00193EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.19 views

PT-2026-51232

Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 through 4.17.7 Craft CMS versions 5.0.0-RC1 through 5.9.13 Description A missing authorization issue exists in the 'assets/preview-thumb' endpoint. A Control Panel user lacking permissions to view a specific privat...

5.3CVSS6AI score0.00193EPSS
Exploits0References11
Rows per page
Query Builder