CNNVD-202601-814 Information
CNNVD ID
CNNVD-202601-814
Related CVE
- CNNVD Published: 2026-01-05
Description (Chinese)
Craft CMS是Craft CMS开源的一套内容管理系统(CMS)。 Craft CMS 5.0.0-RC1版本至5.8.20版本和4.0.0-RC1版本至4.16.16版本存在代码问题漏洞,该漏洞源于GraphQL突变中url参数验证不足,可能导致服务端请求伪造攻击。
Description (English)
Craft CMS is an open-source CMS content management system. There is a code gap between Craft CMS Version 5.0.0-RC1 version to 5.8.20 and between 4.0.0-RC1 version to 4.16.16, which stems from inadequate verification of url parameters in the GraphQL mutation, which may result in a service request for a false attack.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
Craft CMS
Published
2026-01-05
Last Modified
2026-02-24
References
https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821—2025-12-04 https://github.com/craftcms/cms/commit/013db636fdb38f3ce5657fd196b6d952f98ebc52 https://github.com/craftcms/cms/security/advisories/GHSA-x27p-wfqw-hfcc
Patch
https://github.com/craftcms/cms/releases
Share on: