Vulnerability in N/a

CVE-2026-31317

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file

EPSS: 0.000 (6.7th percentile) — read the EPSS interpretation.

Affected products

  • N/a — versions n/a

References