12 matches found
CVE-2026-25493
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation validates the initial URL hostname and resolved IP against a blocklist, but Guzzle follows HTTP redirects by default. An attacker can bypa...
CVE-2026-25494
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filtervar..., FILTERVALIDATEIP to block a specific list of IP addresses. However, alternative IP notations hexadecimal, mixed are not...
Server-side Request Forgery (SSRF)
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the saveAsset GraphQL mutation validates the initial URL hostname and resolved IP against a blocklis. An attacker can access internal resources or sensiti...
CVE-2026-25497
Craft is a platform for creating digital experiences. In Craft versions from 4.0.0-RC1 to before 4.17.0-beta.1 and 5.9.0-beta.1, there is a Privilege Escalation vulnerability in Craft CMS’s GraphQL API that allows an authenticated user with write access to one asset volume to escalate their...
CVE-2026-25494
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filtervar..., FILTERVALIDATEIP to block a specific list of IP addresses. However, alternative IP notations hexadecimal, mixed are not...
CVE-2026-25494 Craft has a SSRF in GraphQL Asset Mutation via Alternative IP Notation
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filtervar..., FILTERVALIDATEIP to block a specific list of IP addresses. However, alternative IP notations hexadecimal, mixed are not...
CVE-2026-25494 Craft has a SSRF in GraphQL Asset Mutation via Alternative IP Notation
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filtervar..., FILTERVALIDATEIP to block a specific list of IP addresses. However, alternative IP notations hexadecimal, mixed are not...
CVE-2026-25494
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filtervar..., FILTERVALIDATEIP to block a specific list of IP addresses. However, alternative IP notations hexadecimal, mixed are not...
CVE-2026-25493
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation validates the initial URL hostname and resolved IP against a blocklist, but Guzzle follows HTTP redirects by default. An attacker can bypa...
CVE-2026-25493
Craft CMS versions 4.0.0-RC1–4.16.17 and 5.0.0-RC1–5.8.21 contain an SSRF bypass in the saveAsset GraphQL mutation: the hostname/IP blocklist check is bypassed because Guzzle follows redirects by default, allowing an attacker to point redirects to cloud metadata endpoints or internal addresses. A...
Craft CMS 安全漏洞
Craft CMS is an open-source content management system developed by Craft CMS. There were security vulnerabilities in versions of Craft CMS from 4.0.0-RC1 up to 4.17.0-beta.1, as well as in version 5.9.0-beta.1. These vulnerabilities stemmed from improper authorization validation in the saveAsset...
PT-2026-7143
Name of the Vulnerable Software and Affected Versions Craft versions 4.0.0-RC1 through 4.16.17 Craft versions 5.0.0-RC1 through 5.8.21 Description The saveAsset GraphQL mutation validates the initial URL hostname and resolved IP against a blocklist, but Guzzle follows HTTP redirects by default...