Vulnerability in Craftcms Webhooks

CVE-2026-32261

Webhooks for Craft CMS plugin adds the ability to manage “webhooks” in Craft CMS, which will send GET or POST requests when certain events occur. From version 3.0.0 to before version 3.2.0, the Webhooks plugin renders user-supplied templat…

EPSS: 0.000 (4.4th percentile) — read the EPSS interpretation.

Affected products

Craftcms Webhooks — versions >= 3.0.0, < 3.2.0

Weakness classification (CWE)

CWE-1336 — Improper Neutralization of Special Elements Used in a Template Engine

References

https://github.com/craftcms/webhooks/security/advisories/GHSA-8wg7-wm29-2rvg (x_refsource_CONFIRM)
https://github.com/craftcms/webhooks/commit/88344991a68b07145567c46dfd0ae3328c521f62 (x_refsource_MISC)