CNNVD-202601-811 Information

CNNVD ID

CNNVD-202601-811

Related CVE

CVE-2025-68454

• CNNVD Published: 2026-01-05

Description (Chinese)

Craft CMS是Craft CMS开源的一套内容管理系统（CMS）。 Craft CMS 5.0.0-RC1版本至5.8.20版本和4.0.0-RC1版本至4.16.16版本存在安全漏洞，该漏洞源于Twig模板输入处理不当，可能导致经过身份验证的远程代码执行。

Description (English)

Craft CMS is an open-source CMS content management system. Craft CMS Versions 5.0.0-RC1 to 5.8.20 and 4.0.0-RC1 to 4.16.16 have a security loophole, which stems from the inappropriate handling of Twig templates, which may lead to the implementation of identity-verified remote codes.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Craft CMS

Published

2026-01-05

Last Modified

2026-02-24

References

https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821—2025-12-04 https://github.com/craftcms/cms/commit/d82680f4a05f9576883bb83c3f6243d33ca73ebe https://github.com/craftcms/cms/security/advisories/GHSA-742x-x762-7383

Patch

https://github.com/craftcms/cms/releases