CNNVD-202602-1291 Information
CNNVD ID
CNNVD-202602-1291
Related CVE
-
CNNVD Published
2026-02-09
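Description (Chinese, translated)
Craft CMS is an open-source content management system (CMS) from Craft CMS. Craft CMS versions from 4.0.0-RC1 up to but not including 4.17.0-beta.1, and versions before 5.9.0-beta.1, contain a security vulnerability. The vulnerability stems from improper authorization validation in the saveAsset GraphQL mutation and may lead to privilege escalation and cross-volume asset modification.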
Description (English)
Craft CMS is an open-source content management system (CMS). Craft CMS versions from 4.0.0-RC1 up to but not including 4.17.0-beta.1, and versions before 5.9.0-beta.1, are affected by a security vulnerability caused by improper authorization checks in the saveAsset GraphQL mutation, which could lead to privilege escalation and the modification of assets across volumes.
Vulnerability Type
Other
Affected Vendor
Craft CMS
Published
2026-02-09
Last Modified
2026-02-24
References
https://github.com/craftcms/cms/commit/ac7edf868c1a81fd9c4dc49d3b3edf1cce113409
https://github.com/craftcms/cms/releases/tag/5.8.22
https://github.com/craftcms/cms/security/advisories/GHSA-fxp3-g6gw-4r4v
Patch
https://github.com/craftcms/cms/releases