Vulnerability in Payloadcms

CVE-2026-11779

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.

Affected products

Payloadcms — versions 3.84.1

Weakness classification (CWE)

CWE-307 — Improper Restriction of Excessive Authentication Attempts

References

help@fluidattacks.com (third-party-advisory)
help@fluidattacks.com (product)