CNNVD-202602-1297 Information

CNNVD ID

CNNVD-202602-1297

CVE-2026-25492

  • CNNVD Published: 2026-02-09

Description (Chinese)

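Craft CMS is an open-source content management system (CMS) from Craft CMS. Craft CMS versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21 contain a code issue vulnerability, which stems from the fact that the save_images_Asset GraphQL mutation can be abused to bypass hostname validation, potentially leading to the retrieval of sensitive data.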

Description (English)

Craft CMS is an open-source content management system (CMS). Craft CMS versions 3.5.0 to 4.16.17 and 5.0.0-RC1 to 5.8.21 have a code issue vulnerability: the save_images_Asset GraphQL mutation can be abused to bypass hostname validation, which may lead to the retrieval of sensitive data.

Vulnerability Type

Code issue

Affected Vendor

Craft CMS

Published

2026-02-09

Last Modified

2026-02-24

References

  • https://github.com/craftcms/cms/commit/e838a221df2ab15cd54248f22fc8355d47df29ff
  • https://github.com/craftcms/cms/releases/tag/5.8.22
  • https://github.com/craftcms/cms/security/advisories/GHSA-96pq-hxpw-rgh8

Patch

https://github.com/craftcms/cms/releases
