CVE-2026-1770

Medium CVSS: 4.5

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE (Remote Code Execution).

Vendor

Product

CWE

CWE-913

Yayın Tarihi

2026-02-02 17:16:17

Güncelleme

2026-02-03 16:44:36

Source Identifier

security@craftersoftware.com

KEV Date Added

Kategoriler

CWE-913 MEDIUM 2026

Referanslar

https://docs.craftercms.org/current/security/advisory.html#cv-2026020201