CNNVD-202602-1290 Information

CNNVD ID

CNNVD-202602-1290

CVE-2026-25498

  • CNNVD Published: 2026-02-09

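Description (translated from Chinese)

Craft CMS is an open-source content management system (CMS) from Craft CMS. Craft CMS versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21 contain a security vulnerability. The vulnerability stems from the assembleLayoutFromPost function not sanitizing user configuration data, which may lead to remote code execution.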

Description (English)

Craft CMS is an open-source content management system (CMS). Craft CMS versions 4.0.0-RC1 to 4.16.17 and 5.0.0-RC1 to 5.8.21 have a security vulnerability, which stems from the failure of the assembleLayoutFromPost function to sanitize user configuration data and may result in remote code execution.

Vulnerability Type

Other

Affected Vendor

Craft CMS

Published

2026-02-09

Last Modified

2026-02-24

References

  • https://github.com/craftcms/cms/commit/395c64f0b80b507be1c862a2ec942eaacb353748
  • https://github.com/craftcms/cms/releases/tag/5.8.22
  • https://github.com/craftcms/cms/security/advisories/GHSA-7jx7-3846-m7w7

Patch

https://github.com/craftcms/cms/releases
