CNNVD-202602-1295 Information
CNNVD ID
CNNVD-202602-1295
Related CVE
- CNNVD Published: 2026-02-09
Description (Chinese)
Craft CMS是Craft CMS开源的一套内容管理系统(CMS)。 Craft CMS 4.0.0-RC1版本至4.16.17版本和5.0.0-RC1版本至5.8.21版本存在代码问题漏洞,该漏洞源于IP地址验证函数无法识别替代表示法,可能导致绕过阻止列表并访问云元数据服务。
Description (English)
Craft CMS is an open-source CMS content management system. Craft CMS Versions 4.0.0-RC1 to 4.16.17 and 5.0.0-RC1 to 5.8.21 have code gaps, which stem from the failure of the IP address authentication function to recognize alternative expressions, which may lead to bypassing the block list and accessing cloud metadata services.
Vulnerability Type
代码问题
Affected Vendor
Craft CMS
Published
2026-02-09
Last Modified
2026-02-24
References
https://github.com/craftcms/cms/commit/d49e93e5ba0c48939ce5eaa6cd9b4a990542d8b2 https://github.com/craftcms/cms/releases/tag/5.8.22 https://github.com/craftcms/cms/security/advisories/GHSA-m5r2-8p9x-hp5m
Patch
https://github.com/craftcms/cms/releases
Share on: