Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground

Admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other sensitive configuration data, in addition to running the hashData signing function. This issue was mitigated in versions 3.7.2 and 2.15.2 by disabling...

Active Debug Code

Overview putyourlightson/craft-sprig is an A reactive Twig component framework for Craft. Affected versions of this package are vulnerable to Active Debug Code in the Sprig Playground component. An administrator can access sensitive information, such as security keys, credentials, and configurati...

GHSA-M59H-42JF-CPHR Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground

Admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other sensitive configuration data, in addition to running the hashData signing function. This issue was mitigated in versions 3.7.2 and 2.15.2 by disabling...

CVE-2026-27131 Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground

The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...

CVE-2026-27131 Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground

The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...

CVE-2026-27131

The CVE concerns the Sprig Plugin for Craft CMS. Versions 2.0.0 up to, but not including, 2.15.2 and 3.15.2 expose a risk where admin users or those with Sprig Playground access could reveal the security key, credentials, and other sensitive configuration data, and could also run the hashData() s...

CVE-2026-27131 Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground

The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...