Vulnerability in Craftercms
CVE-2026-1770
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may…
EPSS: 0.004 (34.1th percentile) — read the EPSS interpretation.
Affected products
- Craftercms — versions 4.0.0