CNNVD-202602-1296 Information

CNNVD ID

CNNVD-202602-1296

Related CVE

CVE-2026-25493

• CNNVD Published: 2026-02-09

Description (Chinese)

Craft CMS是Craft CMS开源的一套内容管理系统（CMS）。 Craft CMS 4.0.0-RC1版本至4.16.17版本和5.0.0-RC1版本至5.8.21版本存在代码问题漏洞，该漏洞源于Guzzle默认跟随HTTP重定向，可能导致绕过所有服务端请求伪造防护。

Description (English)

Craft CMS is an open-source CMS content management system. Craft CMS Versions 4.0.0-RC1 to 4.16.17 and 5.0.0-RC1 to 5.8.21 have a code gap, which stems from Guzzle ’ s default re-direction with HTTP, which may lead to requests for false protection around all service lines.

Vulnerability Type

代码问题

Affected Vendor

Craft CMS

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/craftcms/cms/commit/0974055634af68998f67850ab2045d8aaa19fa98 https://github.com/craftcms/cms/releases/tag/5.8.22 https://github.com/craftcms/cms/security/advisories/GHSA-8jr8-7hr4-vhfx

Patch

https://github.com/craftcms/cms/releases