CVE-2026-41129 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Reques…
Medium CVSS: 5.5

CVE-2026-41129

Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a few permissions to be enabled in the used GraphQL schema: "Edit assets in the <VolumeName> volume" and "Create assets in the <VolumeName> volume." Versions 4.17.9 and 5.9.15 patch the issue.
Vendor
-
Product
-
CWE
CWE-918
Yayın Tarihi
2026-04-22 00:16:28
Güncelleme
2026-04-22 00:16:28
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-918 MEDIUM 2026

Referanslar

https://github.com/craftcms/cms/commit/d20aecfaa0eae076c4154be3b17e1f9fa05ce46f https://github.com/craftcms/cms/security/advisories/GHSA-3m9m-24vh-39wx